Home

Awesome

#[+] Joomla! RCE - Mass scanner & exploit

CVE 2015-8562

Exploit used on POC: https://www.exploit-db.com/exploits/39033/

How it works:

  1. The scanner make a search on google, based on your dork.
  2. The parser function extract the links and save them to joomlaRCE_results.txt
  3. The fuzzing function check version of joomla and PHP of each link and save them under joomlaRCE_targets, if they are possible vulnerable.
  4. The back connect function execute the exploit RCE on each possible target, to get the back connection. (Make sure at this time you already have a terminal open listening)

Observations:

  1. Make sure the exploit is in the same directory of scanner with the correct name.
  2. If you whant to change the country of google (is commented on the code), you can. But you won't be able to use --period argument. This happens because only 1 element, i couldn't map only by the xpath selector, i needed to use the xpath and the language of the text. If you fix it, send to me your solution ;)
  3. You can change the country of google search, the default is .com.br. BUT you won't be able to use --period parameter
  4. INSTALL ALL DEPENDENCYS... (selenium beautifulsoup4 requests docopt .... I don't remember all :D)

Exemples dorks:

dork1: inurl:'index.php?option='

dork2: allinurl:'/language/en-GB/'