Good evening aspiring ethical hackers. Joomla is one of the most popular CMS for websites. To further improve its features Joomla has components or extensions which can be installed by the web admin as per requirement. These are similar to plugins in WordPress. Last month hackers found many vulnerabilities in so many extensions of Joomla.
But how do we find out Joomla websites with this vulnerable plugins installed. Once again, Metasploit saves the day for us as it has an auxiliary module for Joomla plugin enumeration. Start Metasploit and load the module as shown below.
This module has Rhosts option instead of Rhost option as we generally scan multiple IP addresses to check for vulnerable websites. Set the IP addresses as shown below with space between each IP address.
Now type command “run” to see the plugins installed on all these websites.
How does this module work? If you have seen in the first image, this module takes the list of plugins to enumerate from file “usr/share/metasploit-framework/data/wordlists/joomla.txt”. I have little knowledge whether this file is updated as fast as the Joomla plugins developed. You can open this file with any text editor as shown below.
If the component you want to search for is not listed, you can make your own entry as shown below. I have added two components here, which are vulnerable to sql injection but not included in the file before. Save and close the file.
I run the scan again and found one Joomla website with this plugin installed. Happy hacking.