
Hack Joomla with Remote Code Execution

Hello Aspiring Hackers. In this howto, we will see how to hack Joomla with an RCE exploit. Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Because user-supplied headers are stored in the database's session table, it is possible to truncate the input by sending a UTF-8 character. The custom-crafted payload is then executed once the session is read from the database.

The target also needs to run a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialization of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1. Joomla has recently released a patch for this vulnerability.

Now let us see how to use the Joomla HTTP Header Unauthenticated Remote Code Execution exploit. Start Metasploit and search for the exploit as shown below.

Type command “show options” to see the required options.

Set the remote IP address and set the payload as shown below.

Type command “check” to see whether the target is vulnerable.

Next type command “exploit” to execute the exploit. You will get the remote system’s shell as shown below.

That is how to hack Joomla with a remote code execution exploit. See how to find out the Joomla version running on the target machine.
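For administrators checking their own servers, the version conditions above can be turned into an inventory triage. This is an added example, not part of the original post or of Metasploit; the host names and inventory rows are constructed, and it assumes that later revisions of the two Ubuntu package series and PHP branches after 5.6 carry the fix.

```python
import re

# Affected Joomla range as stated in the post.
JOOMLA_FIRST, JOOMLA_LAST = (1, 5, 0), (3, 4, 5)
# First upstream PHP release per branch where the exploit stops working (from the post).
PHP_FIXED = {(5, 4): (5, 4, 45), (5, 5): (5, 5, 29), (5, 6): (5, 6, 13)}
# Ubuntu builds the post lists as patched despite an older upstream number.
# Assumption: later revisions of the same package series keep the patch.
BACKPORTS = [("5.5.9+dfsg-1ubuntu4.", 13), ("5.3.10-1ubuntu3.", 20)]

def parse(version):
    """Leading x.y.z of a version string as a tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups())

def php_patched(version):
    for prefix, min_rev in BACKPORTS:
        if version.startswith(prefix):
            rev = re.match(r"\d+", version[len(prefix):])
            return bool(rev) and int(rev.group()) >= min_rev
    v = parse(version)
    if v < (5, 4, 0):
        return False  # 5.3.x: the post names no fixed upstream release
    fixed = PHP_FIXED.get(v[:2])
    return v >= fixed if fixed else True  # assumption: branches after 5.6 include the fix

def exposure(joomla, php):
    if not JOOMLA_FIRST <= parse(joomla) <= JOOMLA_LAST:
        return "joomla-not-in-range"
    # A patched PHP only blocks this exploit path; Joomla itself still needs updating.
    return "php-blocks-exploit" if php_patched(php) else "exposed"

# Constructed inventory rows: (host, Joomla version, PHP package version).
INVENTORY = [
    ("web01", "3.4.5", "5.5.9+dfsg-1ubuntu4.4"),
    ("web02", "3.4.5", "5.5.9+dfsg-1ubuntu4.13"),
    ("web03", "2.5.28", "5.6.12"),
    ("web04", "3.4.6", "5.3.3"),
]

def triage(rows):
    return {host: exposure(j, p) for host, j, p in rows}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

Comparing only the upstream x.y.z number would flag web02 as exposed, which is why the distribution package revision is checked first.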


2 thoughts on “Hack Joomla with Remote Code Execution”

  1. […] in software world is that it becomes a target for hackers.  We have just recently seen how to exploit some recent vulnerabilities in Joomla. It would be pretty helpful if the users or testers know the vulnerabilities in their Joomla CMS […]

  2. […] our target’s exact version. For example, take Joomla, a popular CMS. Recently we have seen Joomla HTTP Header Unauthenticated Remote Code Execution exploit which affects Joomla versions 1.5.0 to 3.4.5. We have also seen another exploit  “Joomla […]
