Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-10238 PoC — Joomla! 安全漏洞

Source
https://github.com/HoangKien1020/CVE-2020-10238
Associated Vulnerability
Title:Joomla! 安全漏洞 (CVE-2020-10238)
Description:Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla! 2.5.0版本至3.9.15版本中存在安全漏洞,该漏洞源于com_templates中的各种操作缺少必需的ACL检查。攻击者可利用该漏洞绕过访问限制。
Description
CVE-2020-10238: Incorrect Access Control in com_templates PoC
Readme
# Made by HK
# CVE-2020-10238: Incorrect Access Control in com_templates- RCE
# CVE-2020-10239: Incorrect Access Control in com_fields SQL field- RCE
# Link
https://developer.joomla.org/security-centre/804-20200303-core-incorrect-access-control-in-com-templates.html
https://developer.joomla.org/security-centre/806-20200305-core-incorrect-access-control-in-com-fields-sql-field.html
# My blog about this CVE
https://hoangkien1020.tech/index.php/2020/03/13/my-journey-to-find-out-joomlas-cvepart-1/

# Guide to use docker such as:
# #Step 1: 

# *docker pull hoangkien1020/joomla:hk*

# #Step 2:

# *docker run -d --rm -it -p 8080:80 hoangkien1020/joomla:hk*

# #Step 3: Access your domain/IP with port 8080:
![image](https://user-images.githubusercontent.com/24661746/75947931-9be86d80-5ed4-11ea-991d-f37309d4c41a.png)
# Inside this image with credentials

### *username: password*

### MySQL: root: root (can access via IP:8080/phpmyadmin)

### superadmin:1234 (Super Users)

### admin:1234 (Administrator)

### hacker:1234 (Manager)
File Snapshot

 [4.0K]  /data/pocs/da89893829f5d7a9e731935e6610a1869fe4314e
├── [4.0K]  CVE-2020-10238
│   ├── [2.9K]  RCE.py
│   └── [1.1K]  README.md
├── [4.0K]  CVE-2020-10239
│   ├── [5.7K]  cve202010239.py
│   └── [ 425]  README.md
└── [1.0K]  README.md

2 directories, 5 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.