mailing list archives
Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: Jeffs <jeffs () speakeasy net>
Date: Sun, 29 May 2011 11:27:53 -0400
Where in metasploit is this ruby model supposed to be placed so that it
can be called from the console?
I see conflicting information when searching: some information suggests
placing it in ./msf3/modules/exploits and other information contradicts
When I place it in ./msf3/modules/exploits it cannot be found when
running the use command in metasploit.
On 5/28/2011 11:37 PM, YGN Ethical Hacker Group wrote:
Not sure whether this has been submitted or not.
James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref:
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain administrator hash. From
that, it attempts to upload PHP meterpreter shell using the name of