Docker compose file to setup environment for CVE 2015-8562 testing
This project includes a Docker compose file to setup environment for CVE 2015-8562 testing. It setup an Apache 2.4 server with PHP 5.3 and MySQL server 5.6. Once containers have been created, the installation procedure for Joomla 3.4.4 will be shown.
The project also includes an exploit from: https://www.exploit-db.com/exploits/39033
-
Clone the repo
git clone https://github.com/lorenzodegiorgi/setup-cve-2015-8562
-
Launch the following command inside the Joomla_RCE folder
docker-compose up
-
Connect to the server via http://localhost:8081
-
Follow Joomla wizard procedure with the following parameters:
- Database user: user
- Database password: password
- Database name: joomla
- Database address: 173.18.0.3
Run the exploit.py script:
python exploit.py -t http://localhost:8081 --cmd
Note that the script has been written using Python 2. If you want to launch a reverse shell, do not add the "--cmd" parameter.
Contributions are what make the open source community such an amazing place to be learn, inspire, and create. Any contributions you make are greatly appreciated.
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Add some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the MIT License. See LICENSE
for more information.