[+] Joomla! RCE - Mass scanner & exploit
CVE-2015-8562
Exploit used on POC: https://www.exploit-db.com/exploits/39033/
How it works:
- The scanner runs a Google search based on your dork.
- The parser function extracts the links and saves them to joomlaRCE_results.txt.
- The fuzzing function checks the Joomla and PHP version of each link and saves the ones that are possibly vulnerable to joomlaRCE_targets.
- The back connect function runs the RCE exploit against each possible target to get the back connection.
(Make sure you already have a terminal open and listening at this point.)
Observations:
- Make sure the exploit is in the same directory as the scanner, with the correct name.
- You can change the Google country domain (it is commented in the code; the default is .com.br), BUT then you won't be able to use the --period argument. This happens because that is a single element which I couldn't map by the XPath selector alone; I needed the XPath plus the language of the text. If you fix it, send me your solution ;)
- INSTALL ALL DEPENDENCIES... (selenium beautifulsoup4 requests docopt .... I don't remember all :D)
Example dorks:
dork1: inurl:'index.php?option='
dork2: allinurl:'/language/en-GB/'