Company of IT security experts: cybersecurity audits and consulting
French cybersecurity company since 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2015-8562

Description

Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.

POC

Reference

- http://packetstormsecurity.com/files/134949/Joomla-HTTP-Header-Unauthenticated-Remote-Code-Execution.html

- http://packetstormsecurity.com/files/135100/Joomla-3.4.5-Object-Injection.html

- https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html

- https://www.exploit-db.com/exploits/38977/

- https://www.exploit-db.com/exploits/39033/

Github

- https://github.com/20142995/nuclei-templates

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Anonydra/joomla-1.5-3.4.5-rce

- https://github.com/Caihuar/Joomla-cve-2015-8562

- https://github.com/FishAnonymous/CAShift-Record

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/NCSU-DANCE-Research-Group/CDL

- https://github.com/Ostorlab/KEV

- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors

- https://github.com/RobinHoutevelts/Joomla-CVE-2015-8562-PHP-POC

- https://github.com/SexyBeast233/SecBooks

- https://github.com/Threekiii/Awesome-POC

- https://github.com/Threekiii/Vulhub-Reproduce

- https://github.com/VoidSec/Joomla_CVE-2015-8562

- https://github.com/WangYihang/Exploit-Framework

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/ZaleHack/joomla_rce_CVE-2015-8562

- https://github.com/atcasanova/cve-2015-8562-exploit

- https://github.com/bakery312/Vulhub-Reproduce

- https://github.com/cyb3r-w0lf/nuclei-template-collection

- https://github.com/emtee40/google-explorer

- https://github.com/flouciel/Deserialize

- https://github.com/guanjivip/CVE-2015-8562

- https://github.com/hktalent/bug-bounty

- https://github.com/iGio90/hacking-stuff

- https://github.com/jweny/pocassistdb

- https://github.com/lorenzodegiorgi/setup-cve-2015-8562

- https://github.com/paralelo14/CVE-2015-8562

- https://github.com/paralelo14/google_explorer

- https://github.com/parzel/rusty-joomla-rce

- https://github.com/shakenetwork/google_explorer

- https://github.com/thejackerz/scanner-exploit-joomla-CVE-2015-8562

- https://github.com/tmuniz1/Scripts

- https://github.com/trganda/dockerv

- https://github.com/tthseus/Deserialize

- https://github.com/wild0ni0n/wild0ni0n

- https://github.com/xnorkl/Joomla_Payload