lorenzodegiorgi/setup-cve-2015-8562

Joomla! RCE (CVE-2015-8562)

Docker Compose file to set up an environment for CVE-2015-8562 testing

Table of Contents

  1. About The Project
  2. Getting Started
  3. Usage
  4. Contributing
  5. License

About The Project

This project includes a Docker Compose file that sets up an environment for CVE-2015-8562 testing. It sets up an Apache 2.4 server with PHP 5.3 and a MySQL 5.6 server. Once the containers have been created, the installation procedure for Joomla 3.4.4 is shown.

The project also includes an exploit from: https://www.exploit-db.com/exploits/39033

Getting Started

Installation

  1. Clone the repo

    git clone https://github.com/lorenzodegiorgi/setup-cve-2015-8562

  2. Launch the following command inside the Joomla_RCE folder

    docker-compose up

  3. Connect to the server via http://localhost:8081

  4. Follow the Joomla wizard procedure with the following parameters:

    1. Database user: user
    2. Database password: password
    3. Database name: joomla
    4. Database address: 173.18.0.3

Usage

Run the exploit.py script:

    python exploit.py -t http://localhost:8081 --cmd

Note that the script has been written using Python 2. If you want to launch a reverse shell, do not add the "--cmd" parameter.

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

License

Distributed under the MIT License. See LICENSE for more information.
