Joomla Object Injection

Added: 10/24/2019

Background

Joomla is a content management system written in PHP.

Problem

An object injection vulnerability in Joomla could allow a remote, unauthenticated attacker to execute arbitrary commands on the server.

This vulnerability has been nicknamed "Rusty Joomla".

Resolution

Upgrade to Joomla 3.4.7 or higher.

References

https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41

Limitations

On successful exploitation, a backdoor is placed into the configuration.php file. This backdoor must be manually removed.

Platforms

Linux
