This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend.



This update fixes an issue which made the exploit abort before running.

This vulnerability allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method.

Combining this with log injection, remote code execution can be achieved.

Spring Boot Framework 1.2.7 provides a default error page (also known as "Whitelabel Error Page"), that's prone to Spring Expression Language injection when the type of a parameter expected is not expected to be a string but a string is provided. Applications based on Spring Boot that don't deactivate the feature, or customize it in such a way as to stop the injection, are thus susceptible to execution of some Java statements and, in particular, to OS command injections.



This module checks all the parameters in the given pages and, if at least one parameter is vulnerable to the injection, installs an OS Agent.

This module exploits a remote code execution vulnerability in Joomla. The session handling code is susceptible to PHP Object Injection attacks due to lack of sanitization in some HTTP headers that are saved to the database session backend.

This update introduces an OS Command Injection Exploit for the "Wordpress Landing Pages" plugin.

This update is to add the exploit in order to attack Drupal core CMS 7.x versions prior to 7.32 using default configuration (CVE-2014-3704).