Joomla

反序列化（版本低于3.4.5）

CVE-2015-8562

RCE

Date：
October, 2019

原理：
https://blog.hacktivesecurity.com/index.php?controller=post&action=view&id_post=41

EXP:
https://www.exploit-db.com/exploits/47465
https://github.com/kiks7/rusty_joomla_rce

Refer：

https://blog.hacktivesecurity.comhttps://nvd.nist.gov/vuln/detail/CVE-2015-8562https://blog.ripstech.com/2018/woocommerce-php-object-injection/https://www.php.net/manual/en/ref.session.phphttps://www.hacktivesecurity.com