infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Changes suggested by h00die 0803

GSoC/Meterpreter_Web_Console
Luis Hernandez 2018-03-09 09:55:50 -05:00
parent 048d0d1fe4
commit 37bf4d118a
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
documentation/modules/exploit/unix/webapp/joomla_sqli_rce_3_7_0.md
View File

@ -1,7 +1,7 @@
## Vulnerable Application
This module exploits a SQL Injection vulnerability in the com_fields component which was introduced to the core of Joomla in version 3.7.0.
With the SQLi, its possible to enumerate cookies of administrative users, and hijack one of their sessions. If no administrators are authenticated, the RCE portion will not work. If a session hijack is available, one of the website templates is identified, and our payload is added to the template as a new file, and then executed.
This module exploits a SQL Injection vulnerability in the 'com_fields' component which was introduced to the core of Joomla in version 3.7.0.
With the SQLi, it's possible to enumerate cookies of administrative users, and hijack one of their sessions. If no administrators are authenticated, the RCE portion will not work. If a session hijack is available, one of the website templates is identified, and our payload is added to the template as a new file, and then executed.
## Verification

2
modules/exploits/unix/webapp/joomla_comfields_sqli_rce.rb
View File

@ -25,7 +25,7 @@ class MetasploitModule < Msf::Exploit::Remote
'References' =>
[
[ 'CVE', '2017-8917' ], # SQLi
['EDB', '42033'],
[ 'EDB', '42033' ],
[ 'URL', 'https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html' ]
],
'Payload' =>