Exploring vulnerabilities in open source content management systems (CMS): A case of Joomla
Date
2018-12-08
Publisher
KNUST
Abstract
Websites are major sources of information today, and the internet is the dominant platform for
deploying applications built for a worldwide audience. Using open-source content
management systems, websites can be developed and managed more easily and quickly to provide
information to stakeholders or any target audience. However, providing information or a
platform for commonly used applications must not come at the expense of security. One of the best
ways to unearth security flaws in a CMS is to conduct a vulnerability assessment. The aim
of this study is to uncover vulnerabilities associated with Joomla content management systems
and to propose solutions to mitigate the issues discovered. The study adopted automated tools for the
assessment of the vulnerabilities, as this approach provides a deeper means of scanning to
unearth and expose flaws. The study began with the configuration of the tools before the actual
assessment commenced. First, Zenmap was used to gather information on the host servers, both
local and online. Then OpenVAS was deployed to ascertain whether the host environment itself
was sufficiently secure in the first place. 17 vulnerabilities were identified on the server. Joomscan
was used to conduct the assessment of the Joomla! CMS. Five issues were discovered in the
assessment of the CMS: Multiple XSS/CSRF, JSession SSL Session Disclosure,
Frontend XSS, HTTP_REFERER not properly filtered, and PHP_SELF not properly filtered. A
3-step solution was proposed to solve the issues that were identified in the assessment of the
CMS: an Input Control Mechanism, an Intermediary Script Handler and a Secure Web
Server Hosting Architecture. The study will be beneficial to users of content management
systems, especially Joomla!
Description
A Thesis submitted to the Department of Computer Science,
College of Sciences in partial fulfillment of the requirements for the degree of
MSc. INFORMATION TECHNOLOGY