metasploit-framework May 2011 archive
Main Archive Page > Month Archives  > metasploit-framework archives
metasploit-framework: Re: [framework] joomla_filter_order.rb (Jo

Re: [framework] joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)

From: Jeffs <jeffs_at_nospam>
Date: Sun May 29 2011 - 15:27:53 GMT
To: YGN Ethical Hacker Group <lists@yehg.net>

Hello All,

Where in metasploit is this ruby model supposed to be placed so that it
can be called from the console?

I see conflicting information when searching: some information suggests
placing it in ./msf3/modules/exploits and other information contradicts
that suggestion.

When I place it in ./msf3/modules/exploits it cannot be found when
running the use command in metasploit.

Thank you.

On 5/28/2011 11:37 PM, YGN Ethical Hacker Group wrote:
> Not sure whether this has been submitted or not.
>
> James from GulfTech Research and Development coded
> joomla_filter_order.rb that exploits SQL injection (ref:
> http://packetstormsecurity.org/files/view/99318/joomla160-sql.txt) in
> Joomla! 1.6.0 version.
> The exploit leverages SQL Injection to gain administrator hash. From
> that, it attempts to upload PHP meterpreter shell using the name of
> com_joomla component.
>
>
> http://www.gulftech.org/downloads
>
> https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en
> _______________________________________________
> https://mail.metasploit.com/mailman/listinfo/framework
>
>

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework