metasploit-framework May 2011 archive

Re: [framework] joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)

From: GulfTech Security Research <security_at_nospam>
Date: Tue May 31 2011 - 12:54:29 GMT
To: YGN Ethical Hacker Group <>


I ended up breaking this particular exploit into two parts in order to
better fit the modular nature of the MSF framework, as suggested to me by
the devs. The result is an auxiliary module that will gather credentials and
store them to the MSF notes database, and an RCE module used to escalate
admin credentials to shell-level access.



The original exploit works just fine, but some people may prefer it being
split this way since the joomla_16_admin_exec.rb can be very useful by
itself whenever an attacker has valid admin credentials in their possession.
Hope this helps.



-- 
James Bercegay
GulfTech Security Research

On Sat, May 28, 2011 at 11:37 PM, YGN Ethical Hacker Group <> wrote:
> Not sure whether this has been submitted or not.
>
> James from GulfTech Research and Development coded
> joomla_filter_order.rb that exploits SQL injection (ref:
> in
> Joomla! 1.6.0 version.
> The exploit leverages SQL Injection to gain administrator hash. From
> that, it attempts to upload PHP meterpreter shell using the name of
> com_joomla component.