Awesome

Made by HK

CVE-2020-11890: Improper input validations in the usergroup table class could lead to a broken ACL configuration to RCE

Link

https://developer.joomla.org/security-centre/810-20200402-core-missing-checks-for-the-root-usergroup-in-usergroup-table.html

PoC

Affected version: Joomla core before 3.9.17

User requirement: Admin account (Not superadmin)

Gain access: Create a new Superadmin, then trigger RCE.

Remote Code Execution (RCE) in Joomla

Run cve202011890.py with your credentials and access link rce:

Guide to use docker such as:

#Step 1:

docker pull hoangkien1020/joomla:3.9.16

#Step 2:

docker run -d --rm -it -p 8080:80 hoangkien1020/joomla:3.9.16

#Step 3: Access your domain/IP with port 8080:

Inside this image with credentials

username: password

MySQL: root: root (can access via IP:8080/phpmyadmin)

superadmin:1234 (Super Users)

admin:1234 (Administrator)

hacker:1234 (Manager)