If you are a victim of this vulnerability, there are ways in which you can confirm whether it exists on your Joomla! website.
Outputs from this URL (https://joomlawebsite.com/administrator/manifests/files/joomla.xml) can help you verify whether an attacked Joomla! website is susceptible to this specific vulnerability.
The output of an HTTP GET request to this URL (https://joomlawebsite.com/api/index.php/v1/config/application?public=true) will lead to a dump of the following installation details. Critical parameters dumped:
- "dbtype": "mysqli",
- "host": "localhost",
- "user": "joomla",
- "password": "S3iw1fratij9Fac8",
- "db": "joomla",
- "dbprefix": "l8fe0_"
This will lead to unfettered, unlimited access to the MSQL database server, using only the username, password, and MSQL host address.
If your Joomla! website installation has an
MSQL server accessible from a publicly available internet address, a hacker holding this data has an opportunity to infiltrate your site. They can also freely inject malicious code into your Joomla! data.