metasploit-framework May 2011 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: [framework] joomla_filter_order.rb (Joomla

[framework] joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)

From: YGN Ethical Hacker Group <lists_at_nospam>
Date: Sun May 29 2011 - 03:37:54 GMT
To: framework@spool.metasploit.com

Not sure whether this has been submitted or not.

James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref:
http://packetstormsecurity.org/files/view/99318/joomla160-sql.txt) in
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain administrator hash. From
that, it attempts to upload PHP meterpreter shell using the name of
com_joomla component.

http://www.gulftech.org/downloads

https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework