beez: dangerous template for joomla ?

[hakimarx]

I often observe the <url of hackers listing>. There, a hacker named <someone> always attack the Joomla Beez template. Are developers already anticipating joomla joomla Beez security hole?

[RussW]

it just happens that these sort of people know that this template is present by default, so it is a 'known' starting point to search for permissions or extension vulnerabilities, nothing more than that.

[ghandil]

it just happens that these sort of people know that this template is present by default, so it is a 'known' starting point to search for permissions or extension vulnerabilities, nothing more than that.

even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?

[Per Yngve Berg]

The template can always be viewed by adding "&template=Beez" to the url

[mandville]

even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?

they use it to "fingerprint" a joomla site
if you dont use a template, delete it

[ghandil]

even if it doesn't set as default template; do hackers able to use that to search for site's vulnerabilities?

they use it to "fingerprint" a joomla site
if you dont use a template, delete it

what do you mean they "fingerprint" a joomla site exactly? it means they may understand that site has been built by joomla? If so there are many easier way to know this. aren't there?
Also most of the hack files on my site located on templates/bezz folder and sub folders. the topic is here and you reply to it too, mandville: Joomla Version 1.5.15 site was hacked; source recognition

[mandville]

.

your issue is unrelated to this topic.

[ghandil]

your issue is unrelated to this topic.

Thanks you mandville.
But would you mind explain "fingerprint" a joomla site please? I think it's related to this topic.

what do you mean they "fingerprint" a joomla site exactly? it means they may understand that site has been built by joomla? If so there are many easier way to know this. aren't there?

Also I thought my site maybe was hacked by fingerprint joomla site first and then other actions. that's why I mentioned its topic here. excuse me.

Thanks in advance

[RussW]

Most commonly, the template folder needs to be writable to install templates and update them. On poorly configured servers and sites, this might mean the user has set the permissions to 777, which is extremely dangerous and exposes you to compromise quite readily. So targeting the templates folder, with a known default template, is quite a handy way of determining what's installed, at what version and to some degree , maybe even how to access. OK?

[brian]

fingerprint - a tell tale sign identifying the site as running joomla. Joomla like ALL cms has many fingerprints

[ghandil]

Thanks dear RussW and dear brian

with a known default template, is quite a handy way of determining what's installed

Thanks You a lot.
what kind of stuff they could be determine with this method? just joomla or even its extension? how?

P.s: Excuse me for many questions but I really want to learn something

[brian]

If you know what you are doing then you can determine the exact version of joomla that is installed and possibly the extensions that are installed and their versions.

[RussW]

unfortunately, we don't openly discuss exploit types or details, so you will need to do some research yourself for this type of information. But think a little broader. If for the stated reasons, of miss-configuration of permissions because a poorly configured server requires the use of 777 for a folder to be writable to the user, then access is granted to many other people as well as the owner, hence there is a vulnerability caused, potentially allowing for the upload of a malicious script, gaining access to the complete hosting account, if not (considering the server is already determined to be poorly configured) other peoples accounts on the same machine, MySQL and worse, the server itself.