update description
parent
d4ade7a1fd
commit
2e54cd2ca7
|
@ -17,7 +17,9 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5 to 3.4.
|
||||
By storing user supplied headers in the databases session table it's possible to truncate the input
|
||||
by sending an UTF-8 character. The custom created payload is then executed once the session is read
|
||||
from the databse
|
||||
from the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13.
|
||||
In later versions the deserialisation of invalid session data stops on the first error and the
|
||||
exploit will not work.
|
||||
},
|
||||
'Author' =>
|
||||
[
|
||||
|
@ -32,7 +34,8 @@ class Metasploit3 < Msf::Exploit::Remote
|
|||
['URL', 'https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html'],
|
||||
['URL', 'https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html'],
|
||||
['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fdrops.wooyun.org%2Fpapers%2F11330'],
|
||||
['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html']
|
||||
['URL', 'https://translate.google.com/translate?hl=en&sl=auto&tl=en&u=http%3A%2F%2Fwww.freebuf.com%2Fvuls%2F89754.html'],
|
||||
['URL', 'https://bugs.php.net/bug.php?id=70219']
|
||||
],
|
||||
'Privileged' => false,
|
||||
'Platform' => 'php',
|
||||
|
|
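Review bot: The new description line in the first hunk keeps the "databse" typo, and the version sentence is hard to parse because "before" reads as applying only to 5.4.45. I would write it as `from the database. The target must also run a PHP version older than 5.4.45 (which includes all 5.3.x), 5.5.29 or 5.6.13.` so that each threshold is clearly tied to its own branch. The next sentence could say explicitly that the referenced PHP bug fix (the `bugs.php.net` entry added in the second hunk) is what changed the deserialisation behaviour, so readers can tell that a patched PHP only blocks this delivery path and that the Joomla update from the advisory is still required. The description string and the info hash around it start and end outside the visible hunks, so how this reads against the rest of the text could not be checked.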