Full title: Joomla <=2.5.8,<=3.0.2 remote tcp connections opener 
Category: dos / poc
Platform: php
Joomla core plugin 'highlight' unserializes not trusted input. Plugin
is enabled by default in standard joomla installation.

This proof of concept exploit uses JStream joomla class to make target
opens remote tcp connections to custom address, therefore multiple
vulnerable joomla instances can be used for ddos attacks. (JStream
class can also be used to execute chmod on any file with any mode)

# 0day.today @ http://0day.today/