Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 3 Jun 2011 09:59:48 +0800
On Tue, May 31, 2011 at 8:54 PM, GulfTech Security Research
<security () gulftech org> wrote:
I ended up breaking this particular exploit into two parts in order to
better fit the modular nature of the MSF framework, as suggested to me by
the devs. The result is an auxiliary module that will gather credentials and
store them to the MSF notes database, and an RCE module used to escalate
admin credentials to shell level access.
The original exploit works just fine, but some people may prefer it being
split this way since the joomla_16_admin_exec.rb can be very useful by
itself whenever an attacker has valid admin credentials in their possession.
Hope this helps.
GulfTech Security Research
On Sat, May 28, 2011 at 11:37 PM, YGN Ethical Hacker Group <lists () yehg net> wrote:
Not sure whether this has been submitted or not.
James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref:
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain the administrator hash. From
that, it attempts to upload a PHP meterpreter shell using the name of