Home page logo

metasploit logo Metasploit mailing list archives

joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Sun, 29 May 2011 11:37:54 +0800

Not sure whether this has been submitted or not.

James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref:
http://packetstormsecurity.org/files/view/99318/joomla160-sql.txt)  in
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain administrator hash. From
that, it attempts to upload PHP meterpreter shell using  the name of
com_joomla component.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]