Home page logo
/

metasploit logo Metasploit mailing list archives

Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 3 Jun 2011 09:59:48 +0800

That's Excellent!


On Tue, May 31, 2011 at 8:54 PM, GulfTech Security Research
<security () gulftech org> wrote:
Hi,

I ended up breaking this particular exploit into two parts in order to
better fit the modular nature of the MSF framework, as suggested to me by
the devs. The result is an auxiliary module that will gather credentials and
store them to the MSF notes database, and a RCE module used to escalate
admin credentials to shell level access.

joomla_filter_order_aux.rb
https://docs.google.com/leaf?id=0B5oxcQ53hliTYTFlZmE0ZWItYjdkMC00OTM0LWJlNWYtMTM0OThhYjVjYjZk&hl=en_US

joomla_16_admin_exec.rb
https://docs.google.com/leaf?id=0B5oxcQ53hliTM2Y5NWRhNzYtMmRjZi00MmQzLWJmMzUtM2Y5NzU4YjcyMWVi&hl=en_US

The original exploit works just fine, but some people may prefer it being
split this way since the joomla_16_admin_exec.rb can be very useful by
itself whenever an attacker has valid admin credentials in their possession.
Hope this helps.

Regards,

~James

--
James Bercegay
GulfTech Security Research
http://www.gulftech.org/

On Sat, May 28, 2011 at 11:37 PM, YGN Ethical Hacker Group <lists () yehg net>
wrote:

Not sure whether this has been submitted or not.

James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref:
http://packetstormsecurity.org/files/view/99318/joomla160-sql.txt)  in
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain administrator hash. From
that, it attempts to upload PHP meterpreter shell using  the name of
com_joomla component.


http://www.gulftech.org/downloads


https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework


_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault