Giters

S1lkys / Joomla

A chain of vulnerabilities to compromise Joomla <3.9.27

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Joomla full compromise chain

Steps:

  1. Setup an index.php script on your attacker host which will capture the password reset token and reset the admin's password

  2. Run the python script which will initiate the password reset process

  3. Once logged in as an admin whitelist the ".html" extension and configure the variables at the top of the XSS exploit

  4. upload the .html file containining the XSS and target one of the Super Admins. You can send the link via private message, embedded somewhere on the website etc.

About

A chain of vulnerabilities to compromise Joomla <3.9.27

Languages

Language:Python 49.0%Language:HTML 41.5%Language:PHP 9.5%