An Out-of-Date CMS is No Match for a Skilled Intruder

Conclusion

This article presents another great example of why you should keep your application versions up-to-date. I showed that you can take advantage of a bug in the application code to manipulate the underlying database. At worst, this technique allows me to obtain a valid username. At best, a clever exploit allows me to get a cracked password to use for SSH access. Once I have SSH access, it is just a matter of time before I elevate the privileges to the root user. From there, it is game over.

I hope you have learned from this look at gaining access to a server. Successful attacks against even high-profile brands start in a similar way. You might be surprised at how badly some online services are set up when it comes to dealing with attacks. If you are running your own servers, stay vigilant.

Infos

  1. LAMP installations on Ubuntu 16.04: https://www.rosehosting.com/blog/how-to-install-lamp-on-ubuntu-16-04
  2. CMS Made Simple: https://www.cmsmadesimple.org
  3. Installation page: https://getsimple.info/wiki/installation
  4. Download page: http://dev.cmsmadesimple.org/project/files/6
  5. NVD CVE entry: https://nvd.nist.gov/vuln/detail/CVE-2019-9053
  6. CVE details: https://www.cvedetails.com/cve/CVE-2019-9053
  7. CMS Made Simple tip: https://forum.cmsmadesimple.org/viewtopic.php?t=76795
  8. Exploit Database entry: https://www.exploit-db.com/exploits/46635
  9. SearchSploit: https://www.exploit-db.com/searchsploit
  10. Hydra: https://github.com/vanhauser-thc/thc-hydra
  11. Pentest Monkey – PHP Reverse Shell: https://pentestmonkey.net/tools/web-shells/php-reverse-shell

The Author

Chris Binnie is a cloud native security consultant [https://www.chrisbinnie.co.uk]http:// who has worked with critical online infrastructure for almost three decades. Edinburgh-based, he has written three cyber security books and written extensively for Linux.com.

« Previous 1 2 3 4

Buy this article as PDF

Download Article PDF now with Express Checkout
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
SUBSCRIPTIONS
Print Subscriptions
Digital Subscriptions

Related content

  • Credential Stuffing

    A credential stuffing cyberattack uses username and password credentials stolen in a data breach to gain access to your accounts. We explain how it works and how to prevent yourself from becoming a victim.

    more »
  • Attacking SSH

    Sometimes the only way to break into an SSH server is through brute force – and yes, there are tools for that.

    more »
  • Kernel Exploits

    This deep look at how intruders attack an out-of-date kernel should be enough to convince you of the need to stay vigilant.

    more »
  • Capture the Flag

    TryHackMe's Capture the Flag puzzles are a useful source for users who want to learn about ethical hacking and penetration testing.

    more »
  • Container Escape

    Docker containers and Kubernetes pods might not be as airtight as you think. We'll show you three potential attacks.

    more »
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News

Tag Cloud

Administration Community Desktop Events Hardware Linux Mobile Programming Security Software Ubuntu Web Development Windows free software open source