[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla <=2.5.8,<=3.0.2 remote tcp connections opener

[ 0Day-ID-20434 ]
Full title
Joomla <=2.5.8,<=3.0.2 remote tcp connections opener [ Highlight ]
Highlight - is paid service, that can help to get more visitors to your material.

Price: 10
Date add
Category
Platform
Verified
Price
free
Risk
[
Security Risk Low
]
Rel. releases
Description
Joomla core plugin 'highlight' unserializes not trusted input. Plugin
is enabled by default in standard joomla installation.

This proof of concept exploit uses JStream joomla class to make target
opens remote tcp connections to custom address, therefore multiple
vulnerable joomla instances can be used for ddos attacks. (JStream
class can also be used to execute chmod on any file with any mode)
Vendor
www.joomla.org
Affected ver
<= 2.5.8
<= 3.0.2
Solution
Upgrade to latest version or disable highlight plugin.
CVE
CVE-2013-1453
Tags
Prooves Information
Video proof
Other Information
Abuses
0
Comments
0
Views
18 581
We DO NOT use Telegram or any messengers / social networks! We DO NOT use Telegram or any messengers / social networks! Please, beware of scammers!
free
Open Exploit
You can open this source code for free
Open Exploit
Open Exploit
You can open this source code for free
Author
BL
29
Exploits
1
Readers
0
[ Comments: 0 ]
Terms of use of comments:
  • Users are forbidden to exchange personal contact details
  • Haggle on other sites\projects is forbidden
  • Reselling is forbidden
Punishment: permanent block of user account with all Gold.

Login or register to leave comments