Full title: Joomla <=2.5.8,<=3.0.2 remote tcp connections opener
Category: dos / poc
Platform: php

The Joomla core plugin 'highlight' unserializes untrusted input. The plugin is enabled by default in a standard Joomla installation. This proof-of-concept exploit uses the Joomla JStream class to make the target open remote TCP connections to a custom address, so multiple vulnerable Joomla instances can be used for DDoS attacks. (The JStream class can also be used to execute chmod on any file with any mode.)

# 0day.today @ http://0day.today/
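An added example, not part of the original advisory and not Joomla's code: it shows why unserializing untrusted input lets the sender instantiate an already-loaded class with side effects, and how to decode the same data without creating objects. `SideEffectProbe`, `decodeTermsUnsafe` and `decodeTermsSafe` are hypothetical names, the input strings are constructed, and PHP 7.0+ is assumed for the `allowed_classes` option.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for any loaded class that acts inside a magic method.
// It only records that it ran; it is not Joomla's JStream.
final class SideEffectProbe
{
    public static $log = [];
    public $target = '';

    public function __destruct()
    {
        self::$log[] = 'destructor ran with target=' . $this->target;
    }
}

// Risky pattern: every class named in the input is instantiated, and PHP
// later runs its magic methods with attacker-chosen property values.
function decodeTermsUnsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened: objects are never created, and only a flat list of strings is kept.
function decodeTermsSafe(string $raw): array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($data)) {
        return [];                      // malformed input or not a list
    }
    // Anything that is not a plain string (including the
    // __PHP_Incomplete_Class placeholder for refused objects) is dropped.
    return array_values(array_filter($data, 'is_string'));
}

// Constructed sample inputs.
$benign  = 'a:2:{i:0;s:6:"joomla";i:1;s:8:"security";}';
$hostile = 'a:1:{i:0;O:15:"SideEffectProbe":1:{s:6:"target";s:11:"constructed";}}';

$result = decodeTermsUnsafe($hostile);
unset($result);                         // object destroyed, destructor fires
echo 'unsafe decode, side effects: ', count(SideEffectProbe::$log), PHP_EOL;

SideEffectProbe::$log = [];
$terms = decodeTermsSafe($hostile);
echo 'safe decode, side effects: ', count(SideEffectProbe::$log),
     ', terms kept: ', count($terms), PHP_EOL;
echo 'safe decode of benign input: ', implode(', ', decodeTermsSafe($benign)), PHP_EOL;
```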