Search the Community
Showing results for tags 'hack htttp'.
I am trying to exploit the common joomla CMS application. Here is some info on the exploit. https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce To use the exploit in msfconsole type : use exploit/multi/http/joomla_http_header_rce So here comes my question. In the options for the exploit comes my problem show options ###output below### Name Current Setting Required Description ---- --------------- -------- ----------- HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR) Proxies no A proxy chain of format type:host:port[,type:host:port][...] RHOST 188.8.131.52 yes The target address RPORT 80 yes The target port SSL false no Negotiate SSL/TLS for outgoing connections TARGETURI / yes The base path to the Joomla application VHOST no HTTP server virtual host My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names) Imagine this scenario: target website running joomla is http://www.joomla-target.com/joomla/ on port 80 domain is hosted on 184.108.40.206 but 220.127.116.11:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding) I hope you have understood the scenario: So what will be the options for RHOST TARGETURI VHOST RPORT Please help. Thanks in advance.