Astroid Framework hacked

Astroid Framework hacked was created by joflatz

Posted 7 hours 49 minutes ago #36392
The Astroid framework has reportedly been hacked for numerous Joomla users. A colleague from Vienna just alerted me to this.

Apparently, it can be identified by unusual plugins, such as payload.

Does anyone in the JoomlaPlates community know anything about this?
by joflatz


Replied by joomlaplates on topic Astroid Framework hacked

Posted 6 hours 33 minutes ago #36393
The reported vulnerability has been CONFIRMED and FIXED. The Astroid Framework for Joomla had a critical security flaw where admin-only AJAX endpoints relied solely on Session::checkToken() for authentication. This token validates CSRF protection but does not verify that a valid admin session exists. An unauthenticated attacker could obtain a token from the admin login form and use it to perform privileged actions.

If .htaccess blocks access to /administrator/, the attacker cannot reach the login page and therefore cannot obtain the token. In that case, the vulnerability is effectively not exploitable from outside.
Please protect your backend with .htaccess.
PS: We are working on a fix tonight.
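To make the flaw described in the reply above concrete, here is an added illustration (not Astroid's code and not from the post) of a hypothetical admin-only AJAX handler written both the weak way and the hardened way. The Joomla API calls used (Session::checkToken(), Factory::getApplication()->getIdentity(), User::authorise(), CMSApplication::isClient()) are real Joomla 4/5 APIs; the handler names, the "core.manage" / "com_templates" ACL check and the idea that a template framework would guard its settings with that permission are assumptions chosen for the example.

```php
<?php
// Added example, not Astroid's code: a hypothetical admin-only AJAX handler,
// first with the weak check the post describes, then hardened.
declare(strict_types=1);

use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Session\Session;

/**
 * WEAK (the pattern from the post): checkToken() only proves the caller holds
 * the CSRF token of *some* Joomla session. The administrator login form also
 * emits that token, so an unauthenticated visitor can obtain one and pass this
 * check without ever logging in.
 */
function handleAjaxWeak(): array
{
    if (!Session::checkToken('get')) {
        throw new \RuntimeException(Text::_('JINVALID_TOKEN'), 403);
    }

    // ... privileged work (writing framework settings, uploading files) ...
    return ['ok' => true];
}

/**
 * HARDENED: keep the CSRF check, but additionally require an authenticated and
 * authorised user on the administrator client before doing anything.
 */
function handleAjaxHardened(): array
{
    $app = Factory::getApplication();

    // 1. CSRF token is still required; it protects logged-in admins from
    //    forged requests, it just does not prove who the caller is.
    if (!Session::checkToken('get')) {
        throw new \RuntimeException(Text::_('JINVALID_TOKEN'), 403);
    }

    // 2. The caller must be a logged-in user. A visitor sitting on the login
    //    form has the guest identity, which is exactly the case to reject.
    $user = $app->getIdentity();
    if ($user === null || $user->guest) {
        throw new \RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
    }

    // 3. Being logged in is not enough: check the ACL action that actually
    //    covers the work. 'core.manage' on com_templates is an assumption for
    //    a template-framework endpoint; use the asset that fits the real one.
    if (!$user->authorise('core.manage', 'com_templates')) {
        throw new \RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
    }

    // 4. Cheap extra: an admin-only endpoint should not be reachable via the
    //    site (frontend) client at all.
    if (!$app->isClient('administrator')) {
        throw new \RuntimeException(Text::_('JERROR_ALERTNOAUTHOR'), 403);
    }

    // ... privileged work ...
    return ['ok' => true];
}
```

When reviewing your own plugins for the same pattern, search for checkToken() calls (including the controller shortcut $this->checkToken()) that are not followed by an identity or authorise() check; a token check on its own is CSRF protection, never authentication.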
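The reply recommends blocking /administrator/ with .htaccess so that the login form (and with it the token) is out of reach. Here is an added example of such a file (not from the post) for the /administrator/ directory; the IP ranges are RFC 5737 documentation addresses and must be replaced with your own office or VPN ranges.

```apache
# /administrator/.htaccess  (added example, not from the post)
# Allow the Joomla backend only from trusted addresses.
# 203.0.113.0/24 and 198.51.100.7 are documentation addresses; replace them
# with your own office/VPN ranges.

# Apache 2.4
<IfModule mod_authz_core.c>
    Require ip 203.0.113.0/24 198.51.100.7
</IfModule>

# Apache 2.2 fallback
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.0/24 198.51.100.7
</IfModule>
```

This needs AllowOverride to permit Limit/AuthConfig directives for the directory; verify it from an untrusted address with a request to /administrator/index.php and expect a 403. If your administrators work from changing IPs, use HTTP basic authentication (AuthType Basic with Require valid-user) instead of an IP list. Note that this only closes the door the reply describes if the affected endpoint is reachable solely under /administrator/; the fix from the framework vendor is still required.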


Replied by joflatz on topic Astroid Framework hacked

Posted 2 hours 7 minutes ago #36395
Thanks for the reply. I'm looking forward to the patch, as probably many other Astroid users are; currently all my client sites are blocked.
by joflatz


Powered by Kunena Forum