CVE-2017-5215
📋 TL;DR
This vulnerability in the Codextrous B2J Contact extension for Joomla! allows attackers to bypass file extension validation through a rename attack, enabling them to upload malicious files and achieve remote code execution. It affects Joomla! websites using the vulnerable B2J Contact extension. Attackers can take full control of affected websites.
💻 Affected Systems
- Codextrous B2J Contact extension for Joomla!
📦 What is this software?
B2J Contact by Codextrous
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the Joomla! website with attacker gaining full administrative access, data theft, defacement, and potential lateral movement to other systems.
Likely Case
Website takeover with malware installation, data exfiltration, and use as an attack platform for further malicious activities.
If Mitigated
Limited impact if proper file upload restrictions and web application firewalls are in place, though risk remains elevated.
🎯 Exploit Status
Exploitation is straightforward and has been weaponized in the wild. Attackers can upload malicious files without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.13
Vendor Advisory: https://extensions.joomla.org/extension/b2j-contact/
Restart Required: No
Instructions:
1. Log into the Joomla! admin panel.
2. Navigate to Extensions > Manage > Update.
3. Update the B2J Contact extension to version 2.1.13 or later.
4. Alternatively, download the update from the Joomla! Extensions Directory and install it manually.
🔧 Temporary Workarounds
Disable B2J Contact Extension
[all] Temporarily disable the vulnerable extension until patching is possible.
Navigate to Joomla! admin > Extensions > Manage > Manage, find 'B2J Contact' and disable it
Restrict File Uploads
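[linux] Configure the web server to refuse requests for executable files in the B2J Contact upload directory, so that an uploaded script cannot be run.
Add to .htaccess:
# Apache 2.2 syntax; on Apache 2.4 this needs mod_access_compat, or use "Require all denied" in place of the Order/Deny lines.
<FilesMatch "\.(php|phtml|php3|php4|php5|pl|py|jsp|asp|sh|cgi)$">
Order Allow,Deny
Deny from all
</FilesMatch>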
🧯 If You Can't Patch
- Remove the B2J Contact extension completely from the Joomla! installation
- Implement a web application firewall (WAF) with rules to block file upload attacks and rename attempts
🔍 How to Verify
Check if Vulnerable:
Check Joomla! admin panel > Extensions > Manage > Manage, locate B2J Contact and check version number.
Check Version:
Check via the Joomla! admin interface, or examine the extension's file under /administrator/manifests/files/ for its version.
Verify Fix Applied:
Confirm B2J Contact extension version is 2.1.13 or higher in the Joomla! extensions manager.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed file upload attempts with unusual extensions
- Successful uploads of files with double extensions (e.g., .jpg.php)
- POST requests to B2J Contact upload endpoints
Network Indicators:
- HTTP POST requests to /components/com_b2jcontact/ upload endpoints
- Uploads of files with suspicious content types
SIEM Query:
source="web_logs" AND (uri="/components/com_b2jcontact/*" AND method="POST") AND (file_extension="php" OR file_extension="phtml" OR file_extension="jsp")
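The log and network indicators above can also be checked directly against a web server access log. The script below is an added example, not part of the original advisory: it assumes the Apache/nginx "combined" log format, reuses the extension list from the .htaccess rule above, and runs on constructed sample lines whose EXAMPLE-* path segments are placeholders.

```python
import re
from urllib.parse import urlsplit, unquote

# Extensions copied from the FilesMatch rule on this page.
EXEC_EXTS = {"php", "phtml", "php3", "php4", "php5", "pl", "py", "jsp", "asp", "sh", "cgi"}
PREFIX = "/components/com_b2jcontact/"  # path from the page's network indicators

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def exec_extension(path):
    """Return an executable extension found anywhere in the file name's
    extension chain (catches x.php, x.jpg.php and x.php.jpg), else None."""
    name = path.rsplit("/", 1)[-1].lower()
    return next((p for p in name.split(".")[1:] if p in EXEC_EXTS), None)

def scan(lines):
    """Return (label, ip, path, status) tuples for requests worth reviewing."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = unquote(urlsplit(m["target"]).path)
        if not path.lower().startswith(PREFIX):
            continue  # unrelated to the B2J Contact component
        status = int(m["status"])
        if m["method"] == "POST":
            label = "upload-post"      # candidate upload; review nearby requests
        elif exec_extension(path) and status < 400:
            label = "script-served"    # executable file was answered: investigate
        elif exec_extension(path):
            label = "script-blocked"   # denied or missing, e.g. by the .htaccess rule
        else:
            continue
        findings.append((label, m["ip"], path, status))
    return findings

# Constructed sample lines; EXAMPLE-* path segments are placeholders.
SAMPLE = [
    '203.0.113.7 - - [10/Jan/2017:10:00:01 +0000] "POST /components/com_b2jcontact/EXAMPLE-UPLOAD-ENDPOINT HTTP/1.1" 200 120 "-" "-"',
    '203.0.113.7 - - [10/Jan/2017:10:00:05 +0000] "GET /components/com_b2jcontact/EXAMPLE-UPLOAD-DIR/photo.jpg.php HTTP/1.1" 200 45 "-" "-"',
    '198.51.100.9 - - [10/Jan/2017:10:02:00 +0000] "GET /components/com_b2jcontact/EXAMPLE-UPLOAD-DIR/photo.jpg.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [10/Jan/2017:10:03:00 +0000] "GET /components/com_b2jcontact/EXAMPLE-UPLOAD-DIR/report.pdf HTTP/1.1" 200 900 "-" "-"',
    '198.51.100.9 - - [10/Jan/2017:10:04:00 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding)
```

A POST aimed at a script inside the component path is reported as upload-post only, so treat every upload-post entry as a starting point for review rather than a verdict.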