CVE-2015-8562

This exploit leverages PHP object injection in Joomla via deserialization to achieve remote code execution (RCE). It crafts a malicious payload using Joomla's JDatabaseDriverMysqli and SimplePie classes, then sends it via HTTP headers to trigger the vulnerability.

This exploit leverages a PHP object injection vulnerability in Joomla (CVE-2015-8562) via the X-Forwarded-For header to achieve remote code execution. It supports both blind command execution and a reverse shell payload.

This repository contains a functional Python exploit for CVE-2015-8562, a PHP object injection vulnerability in Joomla 1.5.0 through 3.4.5. The exploit leverages deserialization via the HTTP User-Agent or X-Forwarded-For header to achieve remote code execution (RCE) or spawn a reverse shell.

The repository lacks exploit code and only provides a YouTube demo link, which is a common tactic for luring users into external content. No technical details or actual PoC code are included.

This repository contains a functional Python exploit for CVE-2015-8562, targeting Joomla 1.5 to 3.4.5 via object injection in the X-Forwarded-For header. The exploit generates a reverse shell payload and executes it on the target system.

This repository contains a functional PHP-based exploit for CVE-2015-8562, a PHP object injection vulnerability in Joomla. The exploit leverages a maliciously crafted User-Agent header to achieve remote code execution (RCE) by exploiting deserialization flaws in Joomla's session handling.

This repository contains a functional exploit for CVE-2015-8562, a vulnerability in Joomla's com_admin component. The provided Dockerfile sets up a vulnerable Joomla environment, and the included PHP files demonstrate the exploit by manipulating the profile controller to achieve unauthorized access or command execution.

This repository contains functional exploit code for CVE-2015-8562, a PHP object injection vulnerability in Joomla 3.4.5. The exploits leverage session deserialization via the X-Forwarded-For header to achieve unauthenticated remote code execution.

This repository contains a Dockerized Joomla CMS setup with modified files to demonstrate CVE-2015-8562, a vulnerability in Joomla's com_admin component. The exploit likely involves unauthorized access or execution due to missing access checks in the admin.php file.

This repository contains a functional exploit for CVE-2015-8562, a PHP object injection vulnerability in Joomla. The PoC sends a crafted HTTP request with a base64-encoded payload to execute arbitrary commands (e.g., 'whoami') on the target system.

This repository contains a functional exploit for CVE-2015-8562, a PHP object injection vulnerability in Joomla 1.5 to 3.4.5. The exploit leverages deserialization to achieve remote code execution (RCE) and includes options for blind command execution or reverse shell payloads.

This repository contains functional exploit code for CVE-2015-8562, a PHP object injection vulnerability in Joomla. The exploit leverages deserialization in the HTTP header to achieve remote code execution (RCE) by crafting malicious payloads. The scanner script checks for vulnerable Joomla instances.

This is a functional exploit for CVE-2015-8562, a PHP object injection vulnerability in Joomla. It crafts a malicious User-Agent header containing serialized payloads to achieve remote code execution via deserialization.

This Metasploit module exploits CVE-2015-8562, an unauthenticated remote code execution vulnerability in Joomla 1.5.0 to 3.4.5. It leverages PHP deserialization flaws by injecting malicious session data via HTTP headers (User-Agent or X-Forwarded-For) and requires specific PHP versions (pre-5.4.45, 5.5.x < 5.5.29, or 5.6.x < 5.6.13).