Tag: Joomla

From administrator to SuperUser Joomla <= 3.6.4

Problem: during a penetration test i faced a buggy Joomla installation. Joomla version was 3.6.4 and was vulnerable to  CVE-2016-8869  . I created an administration account using metasploit module but wait !?

I couldn’t upload a WebShell . i used .pht method with no luck . i had no access to template source files.

template_unprivileged.PNG

Continue reading “From administrator to SuperUser Joomla <= 3.6.4”