CVE-2015-8562 PoC — Joomla! Core 远程代码执行漏洞

Source

https://github.com/Anonydra/joomla-1.5-3.4.5-rce

Associated Vulnerability

Title:Joomla! Core 远程代码执行漏洞 (CVE-2015-8562)
Description:Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla!中存在安全漏洞。远程攻击者可借助HTTP User-Agent头利用该漏洞实施PHP对象注入攻击，执行任意PHP代码。以下版本受到影响：Joomla! 1.5.x版本，2.x版本，3.4.6之前3.x版本。（在2015年12月广泛利用）

Description

Modified PoC exploit demonstrating remote code execution via object injection vulnerability in Joomla! 1.5.0 through 3.4.5 (CVE-2015-8562).

Readme

# Joomla! Object Injection RCE (Modified PoC)

This is a **modified** Proof of Concept exploit for the Joomla! vulnerability  
affecting versions **1.5.0 through 3.4.5** (CVE-2015-8562). The vulnerability  
allows remote code execution via PHP object injection.

## Usage

1. Update the target URL in the script.
2. Customize the payload as needed.
3. Run the script to test if the Joomla! instance is vulnerable.

## Disclaimer

This tool is for educational and authorized testing purposes only.  
Do not use it on systems without explicit permission.

## References

- [CVE-2015-8562](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8562)  
- [Original Joomla! Advisory](https://developer.joomla.org/security-centre/630-20151104-core-remote-code-execution.html)

File Snapshot


 [4.0K]  /data/pocs/a106f9301e919d63e69f590894c63b9c4d050081
├── [4.4K]  joomla_1.5-3.4.5_object_injection_rce.py
└── [ 772]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!