## https://sploitus.com/exploit?id=E331215C-C137-5045-8655-DB1412B88C0D
# CVE-2026-56290 - Com_pagebuilderck Mass Exploit
## โ ๏ธ Disclaimer
> **This tool is for educational and authorized security testing purposes only.**
>
> - Unauthorized access to computer systems is illegal
> - Use this tool only on systems you own or have explicit permission to test
> - The author is not responsible for any misuse or damage caused by this tool
> - By using this tool, you agree to comply with all applicable laws and regulations
> More Disclaimer You Can see the disclaimer on the cover of Jenderal92. You can check it [HERE !!!](https://github.com/Jenderal92/)
## ๐ Description
**CVE-2026-56290** is a mass exploitation tool targeting the **Com_pagebuilderck** Joomla component. This vulnerability allows remote attackers to upload arbitrary PHP files via an unrestricted file upload mechanism, leading to Remote Code Execution (RCE).
### ๐ Vulnerability Details
| Attribute | Value |
|-----------|-------|
| **CVE ID** | CVE-2026-56290 |
| **Component** | Com_pagebuilderck |
| **Platform** | Joomla! CMS |
| **Type** | Unrestricted File Upload (RCE) |
| **CVSS Score** | 9.8 (Critical) |
### ๐ฏ How It Works
1. **Token Extraction**: Fetches CSRF token from the target page
2. **File Upload**: Uploads PHP shell to `/media/com_pagebuilderck/gfonts/`
3. **Shell Confirmation**: Verifies successful upload by checking shell output
4. **Result Storage**: Saves vulnerable URLs to `reslt.txt`
## ๐ฆ Requirements
### System Requirements
```bash
Python 2.7
pip (Python package installer)
```
Python Dependencies
```bash
pip install requests colorama
```
๐ง Installation
1. Clone the Repository
```bash
git clone https://github.com/Jenderal92/CVE-2026-56290.git
cd CVE-2026-56290
```
2. Install Dependencies
```bash
pip install -r requirements.txt
```
๐ Usage
Basic Usage
```bash
python CVE-2026-56290.py targets.txt
```
Input File Format
Create a targets.txt file with one URL per line:
```text
https://example1.com
http://example2.com/joomla
https://example3.com:8080
# Comments are ignored
```
Output
ยท Console Output: Real-time progress and results
ยท reslt.txt: Contains all vulnerable shell URLs
Example Run
```bash
$ python CVE-2026-56290.py targets.txt
[+] CVE-2026-56290 - Com_pagebuilderck Mass Exploit
[+] Threads: 15
[+] Timeout: 10s
[+] Output file: reslt.txt
[+] Loaded 100 targets from file
[*] Starting pool with 15 processes...
[1] Queueing: https://example1.com
[2] Queueing: https://example2.com
...
[1] โโโ VULNERABLE: https://example1.com/media/com_pagebuilderck/gfonts/shell_abc123.php
```
โ๏ธ Configuration
You can modify these variables in the script:
```python
THREADS = 15 # Number of concurrent workers
TIMEOUT = 10 # Request timeout in seconds
USER_AGENT = "..." # Custom User-Agent string
OUTPUT_FILE = "reslt.txt" # Output filename
```
๐ก๏ธ Security Considerations
For System Administrators
If you're running a Joomla site with Com_pagebuilderck:
1. Update immediately to the latest patched version
2. Remove the component if no longer needed
3. Monitor /media/com_pagebuilderck/gfonts/ for suspicious files
4. Implement WAF rules to block PHP uploads
5. Review server logs for exploitation attempts
Indicators of Compromise (IoC)
Look for these signs of exploitation:
```text
# Suspicious files in
/media/com_pagebuilderck/gfonts/*.php
/media/com_pagebuilderck/gfonts/*.phtml
/media/com_pagebuilderck/gfonts/*.phar
# Suspicious requests
/index.php?option=com_pagebuilderck&task=browse.ajaxAddPicture&[token]=1
```
Detection Commands
```bash
# Find suspicious PHP files in the media directory
find /path/to/joomla/media/com_pagebuilderck/gfonts/ -name "*.php" -type f
# Check for recent modifications
find /path/to/joomla/media/com_pagebuilderck/gfonts/ -type f -mtime -7
# Look for suspicious file names (random strings)
ls -la /path/to/joomla/media/com_pagebuilderck/gfonts/ | grep -E '[a-z0-9]{8,}\.(php|phtml|phar)'
```
โ ๏ธ Legal Notice
This software is provided "AS IS", without warranty of any kind. The author is not responsible for any illegal or unethical use of this tool. Always obtain proper authorization before testing any system.
๐ Acknowledgments
ยท Security researchers who discovered and reported CVE-2026-56290
ยท Joomla community for maintaining the CMS
Remember: With great power comes great responsibility. Use this tool ethically and legally.