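Related vulnerability
Title: Joomla security vulnerability (CVE-2021-23132)
Description: Joomla is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the Open Source Matters team in the United States. Joomla Core has a security vulnerability; no further information about this vulnerability is currently available, so watch CNNVD or vendor announcements. The following products and versions are affected: Joomla! 3.2.0 through 3.9.24.
Description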
com_media allowed paths that are not intended for image uploads to RCE
Introduction
# CVE-2021-23132
com_media allowed paths that are not intended for image uploads to RCE.
# CVE-2020-24597
Directory traversal in com_media to RCE
The two CVEs are the same.
PoC (Full)
Affected version: Joomla core <=3.9.24
User requirement: Admin account (Not Superadmin)
Gain access: Create superadmin, then trigger RCE.
Remote Code Execution (RCE) in Joomla
Run `cve-2021-23132.py` with your credentials, then access the RCE link:
`http://target/templates/protostar/error.php?cmd=ls`
PoC:
```
python3 cve-2021-23132.py -url http://192.168.72.140 -u admin -p 1234 -rce 1 -cmd ls
```

I wrote the PoC so that it can be used in `Directory Traversal` or RCE mode.
I used `Directory Traversal` to trigger RCE.
You can use `python3 cve-2021-23132.py -h` to see how to use the PoC.
Note: Make sure you use python3 and install `lxml` with `pip3 install lxml`
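
For defenders, the access link shown above leaves a recognisable trace in web server logs: a direct request to a PHP file inside a template directory carrying a `cmd` query parameter. The following detection sketch is an added example, not part of the original README or PoC; it assumes Apache/nginx combined-format access logs, and the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Access-log line in Apache/nginx "combined" format (assumed log format).
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3})')
# A PHP file requested directly from inside a template directory.
TEMPLATE_PHP = re.compile(r'(?:^|/)templates/[^/]+/.*\.php$', re.IGNORECASE)


def find_template_shell_hits(lines):
    """Return (ip, timestamp, path, status, cmd) for each request that hits a
    template PHP file directly and carries a `cmd` query parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, _method, target, status = m.groups()
        raw_path, _, query = target.partition("?")
        path = unquote(raw_path)  # normalise %-encoding before matching
        params = parse_qs(query, keep_blank_values=True)
        if TEMPLATE_PHP.search(path) and "cmd" in params:
            hits.append((ip, ts, path, int(status), params["cmd"][0]))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "GET /templates/protostar/'
    'error.php?cmd=ls HTTP/1.1" 200 312 "-" "python-requests/2.25.1"',
    '198.51.100.4 - - [10/Mar/2021:10:01:05 +0000] "GET /templates/protostar/'
    'css/template.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Mar/2021:10:02:11 +0000] "GET /index.php?option='
    'com_content&view=article&id=1 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2021:10:03:40 +0000] "GET /joomla/templates/beez3/'
    '%65rror.php?cmd=ls HTTP/1.1" 404 196 "-" "python-requests/2.25.1"',
]

if __name__ == "__main__":
    for ip, ts, path, status, cmd in find_template_shell_hits(SAMPLE_LOG):
        note = "served" if status == 200 else "not served"
        print(f"{ts} {ip} {path} cmd={cmd!r} status={status} ({note})")
```

A hit with status 200 is the one to investigate first; this check only sees parameters in the query string, so it will not catch a `cmd` value sent in a request body.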
# DISCLAIMER
*Please use this for your research and help make Joomla more secure.*
# References
https://developer.joomla.org/security-centre/846-20210306-core-com-media-allowed-paths-that-are-not-intended-for-image-uploads.html
File snapshot
[4.0K] /data/pocs/a08f7050c08e7a87553ce782528943a5b6e25f43
├── [ 18K] cve-2021-23132.py
└── [1.1K] README.md
0 directories, 2 files