In the previous chapter, we learned about how to perform Penetration Testing (pentesting) on WordPress. Just like WordPress, there is another Content Management System (CMS) that is widely used by organizations to manage their website portals – Joomla. In this chapter, we will learn about Joomla, its architecture, and the modules that can be used to test the security of a Joomla-based website. The following are the topics that we will cover in this chapter:
- An introduction to Joomla
- The Joomla architecture
- Reconnaissance and enumeration
- Enumerating Joomla plugins and modules using Metasploit
- Performing vulnerability scanning with Joomla
- Joomla exploitation using Metasploit
- Joomla shell upload