Joomla and SQL Injection attacks

Last week, Providence picked up a significant increase in chatter about Joomla and SQL Injection attacks, as can be seen in Figure 1 below.


Figure 1 – Overall weekly cyber chatter

Drilling down into this information, as seen in Figure 2 below, shows that most of the chatter relates to the Joomla Store for K2 3.8.2 Component – SQL Injection Vulnerability. For details of this exploit, please refer to www[.]exploit-db.com/exploits/41440/


Figure 2 – Filtered chatter results

The chatter which Providence identified was collected from a mix of sources, some being media outlets and security blogs, while others were cyber threat actors posting about the vulnerability.

What is interesting is that several threat actors were identified as leveraging the chatter around this vulnerability as a means of selling their own services. One of these can be seen in Figure 3 below.


Figure 3 – Threat actor post in Providence

This threat actor has been known to WorldStack for several years, so it was interesting to find him promoting his website where people can purchase exploits. While he uses the term Zero Day, it is unlikely any of his exploits are actual zero-day vulnerabilities. It is more likely he uses this term to grab people’s attention.



Figure 4 – Threat actor post and profile screenshots

2018-07-01T22:08:35+00:00

About the Author:

Daniel is the CEO and Co-Founder of WorldStack, the leading open source intelligence solutions provider in Australia. He is a successful IT and cyber security professional with extensive experience in the national security and intelligence industry.
