CMS Hacking

The EC Council was reported to have been compromised by a hacker called “Godzilla”. Based on the published materials, it seems that the hacker got access to training course material of several certification programs.

This is not the first time that EC Council related sites have been reported to be hacked. Two years ago hackers breached the academy site of the EC Council, eccouncilacademy.org. Here is the analysis of the EC Council academy hack:

Looking into the content published by the hacker, and analyzing the screenshot it contains, shows that the server was hacked by uploading the WSO web shell code.

The malicious shell was probably uploaded by exploiting a known vulnerability in the Joomla CMS (Content Management System) used by the site; judging by the file dates in the screenshot, the system had not been updated since 2010.

What is the takeaway here?

While we could take the provocative approach of dwelling on a company whose revenue is mostly based on teaching professionals about security getting hacked, let's be honest: this can happen to any company, and history has proved this point valid. In this case, we would rather show the interesting direction of CMS exploitation becoming more and more popular.

CMS exploitation is a very common attack vector; in fact, a simple search on one specific flavor (Joomla) resulted in 629 CVEs. Thousands exist in the CVE database and hundreds more exist in 0day databases.

Why does this matter?

Businesses rely on third-party software and platforms to conduct their online business, and it is very common to use a CMS such as Joomla or similar, and even SharePoint, to simplify delivering a rich website. However, by doing so, the website is exposed to every vulnerability found within that CMS.

This brings up an interesting playfield for hackers, who can use dork techniques and others to fingerprint the many websites that use a specific CMS, easily locate many targets, and exploit them with either a known exploit (if the system is not up to date, as seems to have been the case here) or a 0day exploit, covering a lot of surface.

Here is an example of a search term that looks for a specific function of a known CMS, a function that is known to be vulnerable, in order to identify potential targets. The result is astounding: ~263,000 potential targets.

What can an organization do to protect itself?

This hack could probably have been prevented either by constantly patching all the third-party code of the application and/or by deploying a web application firewall in front of the application.
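Patching and a WAF address the cause; a defender also wants to notice when the failure mode described above (a PHP web shell dropped into a CMS upload directory) has already happened. The following is an added example, not code from the original post or from Imperva: a small host-side check that walks a Joomla-style webroot, flags executable files under directories that should only ever hold media, and applies a few generic content heuristics for web-shell constructs. The directory names, extensions, and patterns are assumptions for the example, and the sample webroot it builds is constructed.

```python
import os
import re
import tempfile

# Joomla-style directories that should only ever hold media, never PHP.
# Assumed for this example; adjust to the install being checked.
MEDIA_DIRS = {"images", "media", "tmp", "cache"}

# Extensions the web server may execute. A name like "avatar.php.jpg" is
# caught too, since every dotted segment is checked, not just the last one.
EXEC_EXTS = {".php", ".phtml", ".php5", ".phar", ".pht"}

# Content heuristics for generic PHP web shells (constructed, not a full signature set).
SHELL_PATTERNS = {
    "eval of decoded payload": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "command execution": re.compile(
        rb"\b(?:passthru|shell_exec|system|popen|proc_open|exec)\s*\("),
    "request-controlled include": re.compile(
        rb"\b(?:include|require)(?:_once)?\s*\(?\s*\$_(?:GET|POST|REQUEST)\b"),
}

MAX_SCAN_BYTES = 2 * 1024 * 1024  # do not read huge files into memory


def _is_executable_name(name):
    """True if any extension segment of the file name is server-executable."""
    segments = name.lower().split(".")[1:]
    return any("." + s in EXEC_EXTS for s in segments)


def scan_webroot(root):
    """Return a sorted list of (relative_path, reason) findings for the tree at root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        top = "" if rel_dir == "." else rel_dir.split(os.sep)[0]
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if not _is_executable_name(name):
                continue
            # Location check: executable code has no business under a media directory.
            if top in MEDIA_DIRS:
                findings.append((rel, "executable file under media directory"))
            if os.path.getsize(full) > MAX_SCAN_BYTES:
                continue
            # Content check: applied to every executable file, wherever it lives.
            with open(full, "rb") as fh:
                data = fh.read()
            for label, pattern in SHELL_PATTERNS.items():
                if pattern.search(data):
                    findings.append((rel, "web-shell pattern: " + label))
    return sorted(findings)


def flagged_paths(findings):
    """Distinct paths that produced at least one finding."""
    return sorted({path for path, _ in findings})


def build_sample_webroot():
    """Constructed sample tree: a legitimate index.php, a real image, and two
    dropped files of the kind the post describes."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.php": b"<?php\ndefine('_JEXEC', 1);\nrequire __DIR__ . '/includes/app.php';\n",
        "images/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
        "images/stories/avatar.php.jpg": b"<?php echo 'hello'; ?>",
        "tmp/wso.php": b"<?php\n@eval(base64_decode($_POST['code']));\n",
    }
    for rel, content in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    for path, reason in scan_webroot(build_sample_webroot()):
        print(f"{path}: {reason}")
```

Run from cron or a file-integrity job, a check like this complements the WAF: the WAF rule refuses multipart uploads with executable extensions at the edge, and the scan catches anything that still lands on disk through a vulnerability the WAF did not know about. The location check is deliberately stricter than the content check, since a web shell that evades the patterns is still a PHP file sitting where only images belong.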

Where can I learn more?

Going back to our HII report from January (“Lessons learned from the Yahoo hack”): there we showed how third-party code may contain vulnerabilities and security holes that could result in a hack. This is of course not the same case, as that HII report talks about a third-party service that got compromised; however, the security implications are the same.

Imperva is the market leading solution for Database, File, and Web Application Security. Contact us today to learn more and request industry-specific use cases.

via CMS Hacking – Imperva Data Security Blog.
