Joomla SQLi to PHPExec

[NeonFlash <psykosonik_frequenz () yahoo com>]

hello,

I am using the joomla_filter_order exploit. I got the link to the exploit module from here:

http://0x6a616d6573.blogspot.in/2011/04/joomla-160-sql-injection-analysis-and.html

Now, I am using it to test the vulnerability in a Joomla 1.6 installation.

the default options are being used for the exploit module.

only RHOST option was modified to the site name.

However, when I run the exploit, I keep receiving a timeout connection. After several attempts, it was able to send out 
a GET request to the site to detect the version of Joomla running. However, it again gives a connection timeout error 
and fails.

I am able to open the site from my browser without any issues and also ping it.

I ran wireshark while the exploit module was running and after sending the first GET request to the Joomla site, it 
doesn't send any traffic after that to the destination site.

Here is the output of the exploit module:

[*] Started reverse handler on 127.0.0.1:4444 
[*] Initializing exploit code ...
################################################
# Joomla! 1.6.0 SQL Injection -> PHP execution #
################################################
# By James Bercegay # http://www.gulftech.org/ #
################################################
[*] Attempting to determine Joomla version
[*] The target is running Joomla version : 1.6
[-] Exploit exception: The connection timed out (salt-earth.com:80).
[*] Exploit completed, but no session was created.


I checked the code of the module and modified the timeout in GET wrapper here:

325:    def http_get(url, headers = {}, timeout = 60)
357:        }, timeout)


Even then, the exploit times out.

Any suggestions?

Thanks.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework