A few weeks have passed since the Joomla team released a security update for a high-priority issue in the Joomla 1.5.x series, where admin passwords could be reset because the token sanitization failed to sanitize correctly, resulting in a successful password reset. Affected versions range from Joomla 1.5.0 to 1.5.5, but to my dismay I found out that, to this day, some Joomla-based sites belonging to my fellow Filipinos still haven't been updated and remain very vulnerable to exploitation. I even conducted a penetration test to see if it is still possible to reset their admin passwords and gain privileges on their sites. I got a short list of vulnerable sites, but I don't want to share it publicly for security reasons. My hit list includes an academic institution, some local government sites and a personal site. I've contacted a few webmasters about their sites, but more are left uninformed about the security issue, leaving their sites prone to exploitation.
On the other hand, I reached the point where I almost decided to hack their sites just to vandalize them or post some explicit/vulgar words, but thank God He gave me the strength and solid faith to avoid such unethical practices. I guess I grow up a little bit each day, unlike in my younger days when I had no doubt or fear about doing such stupid things.