Metasploit mailing list archives
Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE)
From: Jeffs <jeffs () speakeasy net>
Date: Sun, 29 May 2011 11:27:53 -0400
Hello All,Where in metasploit is this ruby model supposed to be placed so that it can be called from the console?
I see conflicting information when searching: some information suggests placing it in ./msf3/modules/exploits and other information contradicts that suggestion.
When I place it in ./msf3/modules/exploits it cannot be found when running the use command in metasploit.
Thank you. On 5/28/2011 11:37 PM, YGN Ethical Hacker Group wrote:
Not sure whether this has been submitted or not. James from GulfTech Research and Development coded joomla_filter_order.rb that exploits SQL injection (ref: http://packetstormsecurity.org/files/view/99318/joomla160-sql.txt) in Joomla! 1.6.0 version. The exploit leverages SQL Injection to gain administrator hash. From that, it attempts to upload PHP meterpreter shell using the name of com_joomla component. http://www.gulftech.org/downloads https://docs.google.com/leaf?id=0B5oxcQ53hliTNmZlNGJmODEtNmQ3MC00YWI2LThmMTAtZjUzMGU0OTcxOTNh&hl=en _______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
_______________________________________________ https://mail.metasploit.com/mailman/listinfo/framework
Current thread:
- joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) YGN Ethical Hacker Group (May 28)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (May 29)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) HD Moore (May 29)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) GulfTech Security Research (May 31)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) YGN Ethical Hacker Group (Jun 02)
- joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (Jun 03)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) GulfTech Security Research (Jun 03)
- Re: joomla_filter_order.rb (Joomla 1.6.0 SQLIn to RCE) Jeffs (May 29)