Joomla 3.4.6 RCE Reproduction

2019-10-12 cve

What is Joomla

Quoting the official site:

Joomla! is a free and open-source content management system (CMS) for publishing web content. Over the years Joomla! has won several awards. It is built on a model–view–controller web application framework that can be used independently of the CMS that allows you to build powerful online applications.

Joomla! is one of the most popular website softwares, thanks to its global community of developers and volunteers, who make sure the platform is user friendly, extendable, multilingual, accessible, responsive, search engine optimized and so much more.

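In short, it is an open-source, extensible content management system.

Reproduction

Environment

  • PHP version: 5.5.38
  • Joomla 3.4 and earlier (3.4 included) does not support PHP 7.0
  • Affected versions: 3.0.0 to 3.4.6

Exploitation process

I confirmed every step of the installation wizard, but during testing I found that choosing the blog template seems to make the reproduction fail, so in the end I chose not to use a template.

Following the exp's usage instructions, fill in the payload and then test.

Because the test was run on Windows, I connected with AntSword after planting the backdoor.

But my AntSword seems to have a problem, so I changed the backdoor's eval to system and got the test result: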

Author: damn1t

Link: http://microvorld.com/2019/10/12/cve/Joomla 3.4.6 RCE/

Copyright: All articles in this blog are licensed under CC BY-NC-SA 3.0 unless stating additionally.
