CVE-2020-10239 PoC — Joomla! 安全漏洞

Source

https://github.com/HoangKien1020/CVE-2020-10239

Associated Vulnerability

Title:Joomla! 安全漏洞 (CVE-2020-10239)
Description:Joomla!是美国Open Source Matters团队的一套使用PHP和MySQL开发的开源、跨平台的内容管理系统(CMS)。 Joomla! 3.7.0版本至3.9.15版本中的com_fields SQL字段存在安全漏洞，该漏洞源于不正确的访问控制。攻击者可利用该漏洞绕过访问限制。

Description

CVE-2020-10239: Incorrect Access Control in com_fields SQL field-RCE- PoC

Readme

# Made by HK
# CVE-2020-10239: Incorrect Access Control in com_fields SQL field - RCE
# PoC
## Affected version: Joomla core from 3.7.0 to 3.9.15
## User requirement: Manager account(Lowest-level in back-end)
## Gain access: Change you from Manager to Superadmin, then trigger RCE.
## Remote Code Execution (RCE) in Joomla
## Run *cve202010239.py* with your credentials and access link rce:
![image](https://user-images.githubusercontent.com/24661746/76829974-ed8ae380-6856-11ea-806e-869168a3e099.png)

File Snapshot


 [4.0K]  /data/pocs/e188fe6b404bdb0a7136a7d5e647e620f481f0d9
├── [5.7K]  cve202010239.py
└── [ 502]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!