cve/2016/CVE-2016-8869.md

### [CVE-2016-8869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8869)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.

### POC

#### Reference
- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r
- https://www.exploit-db.com/exploits/40637/

#### Github
- https://github.com/0x43f/Exploits
- https://github.com/ARPSyndicate/cvemon
- https://github.com/Micr067/CMS-Hunter
- https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s
- https://github.com/SecWiki/CMS-Hunter
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Xcod3bughunt3r/ExploitsTools
- https://github.com/XiphosResearch/exploits
- https://github.com/anquanscan/sec-tools
- https://github.com/binfed/cms-exp
- https://github.com/copperfieldd/CMS-Hunter
- https://github.com/cved-sources/cve-2016-8869
- https://github.com/dhniroshan/offensive_hacking
- https://github.com/dr4v/exploits
- https://github.com/jmedeng/suriya73-exploits
- https://github.com/rustyJ4ck/JoomlaCVE20168869
- https://github.com/shildenbrand/Exploits
- https://github.com/soosmile/cms-V
- https://github.com/sunsunza2009/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870
- https://github.com/tu3n4nh/OWASP-Testing-Guide-v4-Table-of-Contents
- https://github.com/yige666/CMS-Hunter
- https://github.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2016-8869](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8869)`
			`![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)`

			`### Description`

			`The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.`

			`### POC`

			`#### Reference`
			`- https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.rq4qh1v4r`
			`- https://www.exploit-db.com/exploits/40637/`

			`#### Github`
			`- https://github.com/0x43f/Exploits`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/Micr067/CMS-Hunter`
			`- https://github.com/R0B1NL1N/E-x-p-l-o-i-t-s`
			`- https://github.com/SecWiki/CMS-Hunter`
			`- https://github.com/SexyBeast233/SecBooks`
			`- https://github.com/Xcod3bughunt3r/ExploitsTools`
			`- https://github.com/XiphosResearch/exploits`
			`- https://github.com/anquanscan/sec-tools`
			`- https://github.com/binfed/cms-exp`
			`- https://github.com/copperfieldd/CMS-Hunter`
			`- https://github.com/cved-sources/cve-2016-8869`
			`- https://github.com/dhniroshan/offensive_hacking`
			`- https://github.com/dr4v/exploits`
			`- https://github.com/jmedeng/suriya73-exploits`
			`- https://github.com/rustyJ4ck/JoomlaCVE20168869`
			`- https://github.com/shildenbrand/Exploits`
			`- https://github.com/soosmile/cms-V`
			`- https://github.com/sunsunza2009/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870`
			`- https://github.com/tu3n4nh/OWASP-Testing-Guide-v4-Table-of-Contents`
			`- https://github.com/yige666/CMS-Hunter`
			`- https://github.com/zugetor/Joomla-3.4.4-3.6.4_CVE-2016-8869_and_CVE-2016-8870`