CVE-2015-8562 PoC — Joomla! Core 远程代码执行漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2015/CVE-2015-8562.yaml

Associated Vulnerability

Title:Joomla! Core 远程代码执行漏洞 (CVE-2015-8562)
Description:Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla!中存在安全漏洞。远程攻击者可借助HTTP User-Agent头利用该漏洞实施PHP对象注入攻击，执行任意PHP代码。以下版本受到影响：Joomla! 1.5.x版本，2.x版本，3.4.6之前3.x版本。（在2015年12月广泛利用）

Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015

File Snapshot


 id: CVE-2015-8562

info:
  name: Joomla HTTP Header Unauthenticated - Remote Code Execution
  author

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!