metasploit-framework May 2011 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: [framework] joomla_filter_order.rb (Joomla

[framework] joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)

From: YGN Ethical Hacker Group <lists_at_nospam>
Date: Sun May 29 2011 - 03:37:54 GMT

Not sure whether this has been submitted or not.

James from GulfTech Research and Development coded
joomla_filter_order.rb that exploits SQL injection (ref: in
Joomla! 1.6.0 version.
The exploit leverages SQL Injection to gain administrator hash. From
that, it attempts to upload PHP meterpreter shell using the name of
com_joomla component.