Hello Aspiring Hackers. In this howto, we will see how to hack Joomla with an RCE exploit. Joomla suffers from an unauthenticated remote code execution vulnerability that affects all versions from 1.5.0 to 3.4.5. Joomla stores user-supplied headers in the database's session table, and it is possible to truncate that input by sending a UTF-8 character. The custom-crafted payload is then executed once the session is read back from the database.
The target also needs to be running a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions, the deserialization of invalid session data stops on the first error and the exploit will not work. The PHP patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20, and in Debian in version 5.4.45-0+deb7u1. Joomla has recently released a patch for this vulnerability.
Now let us see how to use the Joomla HTTP Header Unauthenticated Remote Code Execution exploit. Start Metasploit and search for the exploit as shown below.
Type the command “show options” to see the required options.
Set the remote IP address and set the payload as shown below.
Type the command “check” to see whether the target is vulnerable.
Next, type the command “exploit” to execute the exploit. You will get the remote system’s shell as shown below.
That is how to hack Joomla with a remote code execution exploit. See how to find out the Joomla version running on the target machine.
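The version prerequisites listed at the top of this howto can be turned into an inventory check for your own hosts. The Python below is an added example, not part of the original post or of Metasploit; the function names, result labels and inventory rows are assumptions made for illustration, and PHP 7 and later is treated as one of the "later versions".

```python
import re

# Affected ranges as stated in this howto.
JOOMLA_FIRST, JOOMLA_LAST = (1, 5, 0), (3, 4, 5)
# First fixed upstream PHP release per branch; 5.3.x has none listed.
PHP_FIXED = {(5, 4): (5, 4, 45), (5, 5): (5, 5, 29), (5, 6): (5, 6, 13)}


def parse_upstream(version):
    """Return (major, minor, patch) from the leading x.y[.z] of a version."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(g or 0) for g in m.groups())


def has_distro_revision(version):
    """True for package versions such as '5.5.9+dfsg-1ubuntu4.13'."""
    return bool(re.search(r"[+-].*(ubuntu|deb)", version))


def assess(joomla_version, php_version):
    """Classify a host as 'affected', 'check-backport' or 'not-affected'."""
    joomla = parse_upstream(joomla_version)
    if not (JOOMLA_FIRST <= joomla <= JOOMLA_LAST):
        return "not-affected"  # outside the Joomla range stated above
    php = parse_upstream(php_version)
    if php >= (7, 0, 0):
        return "not-affected"  # assumption: PHP 7+ counts as a later version
    fixed = PHP_FIXED.get(php[:2])
    if fixed is not None and php >= fixed:
        return "not-affected"
    # Distro packages can carry the PHP fix under an older upstream number,
    # so the upstream comparison alone cannot decide these.
    if has_distro_revision(php_version):
        return "check-backport"
    return "affected"


if __name__ == "__main__":
    # Constructed inventory rows: (host, Joomla version, PHP version).
    inventory = [
        ("web01", "3.4.5", "5.4.44"),
        ("web02", "2.5.28", "5.5.9+dfsg-1ubuntu4.13"),
        ("web03", "3.4.6", "5.3.10"),
    ]
    for host, joomla, php in inventory:
        print(f"{host}: {assess(joomla, php)}")
```

A "check-backport" result means the package version has to be compared against the distribution's fixed package version, such as the Ubuntu and Debian versions named above.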