Shulou(Shulou.com)06/01 Report--

This article is about how to reproduce Joomla 3.4.6 remote code execution vulnerabilities, the editor thinks it is very practical, so I share it with you to learn. I hope you can get something after reading this article.

Introduction to 0x00

Joomla is a world-renowned content management system.

Joomla is a software system developed by using PHP language and MySQL database.

It can be executed on various platforms such as Linux, Windows, MacOSX, etc. Currently, it is developed and supported by the Open Source Matters open source organization.

Overview of 0x01 vulnerabilities

Alessandro Groppo @ Hacktive Security issued EXP for Joomla command execution in exploit-db (https://www.exploit-db.com/exploits/47465)) on October 2, 2019. The essence of the vulnerability is that Joomla improperly handles session data, and unauthorized attackers can send well-constructed malicious HTTP requests to gain server privileges and implement remote command execution.

0x02 scope of influence

3.0.0 search joomla_rce-> use xxxxx-> info

0x05 repair mode

Update to the latest version of the official website

The above is how to reproduce Joomla 3.4.6 remote code execution vulnerabilities. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.