Joomla vulnerability?

Joomla logo

Fixing a scripting vulnerability in Joomla

One of our former clients let us know that a viewer to their website had been alerted to a virus.

As I still have access to the site, I quickly looked to see what was on the remote server and noticed a file called “spongy47.html” in the document root.

This file appears to run a script from a so-called “adult” domain (interestingly it doesn’t appear to have been bought yet – and no, I’m not interested in buying it!). And don’t get me started on the meaning of “adult” here!

The content of the file is simply (domain deleted):

<html><head><script>location = ‘[some dodgy domain]’;</script></head></html>

Naturally, I’ve removed it and asked everyone to change/upgrade their passwords.

Perhaps this is just getting ready for an exploit, as that domain isn’t registered yet. I couldn’t find any references on the web to either the filename or the dodgy website.