From administrator to SuperUser Joomla <= 3.6.4

Problem: during a penetration test i faced a buggy Joomla installation. Joomla version was 3.6.4 and was vulnerable to  CVE-2016-8869  . I created an administration account using metasploit module but wait !?

I couldn’t upload a WebShell . i used .pht method with no luck . i had no access to template source files.


i know that only SuperAdmin account can edit .php files directly in templates section. but i was administrator , not SuperUser.

An administrator account cannot create superuser directly. ( the role Super user is not available for selecting ).


After an hour of  working  , i find a solution for adding a SuperUser account directly from administration panel (without database interaction directly).


Go to Users > Options >

  1. enable user registration
  2. set new user registration group to > Super Users
  3. set Guest User Group  to > Super Users
  4. disable send password
  5. set New User Account Activation to > None
  6. disable mail notification to administrator and save



After modifying user options , logout then register new user from below link .



After submitting the form you will face below error, ignore it.


Now login with registered username then  you will be SuperUser and you can do whatever superuser can do . after creating super user undo modifications.


and now you have full access to template source files and can use this method for uploading a WebShell.


This method fixed in Joomla 3.6.5. Feel free and leave your comment.




Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s