Metasploit mailing list archives

Re: Joomla SQLi to PHPExec


From: Joshua Smith <lazydj98 () gmail com>
Date: Tue, 15 Jan 2013 10:47:36 -0600

Are you setting RHOST to 127.0.0.1?  Generally Metasploit doesn't handle 127.0.0.1.  You can *sometimes* substitute 127.0.1.1 or any other localhost address.
Try running your Joomla instance on one of your proper IP addresses and trying it again.  You can then tear down the Joomla instance so as not to get exploited by others.

-Josh


On Jan 15, 2013, at 10:39 AM, NeonFlash wrote:

Hello,

I am using the joomla_filter_order exploit. I got the link to the exploit module from here:

http://0x6a616d6573.blogspot.in/2011/04/joomla-160-sql-injection-analysis-and.html

Now, I am using it to test the vulnerability in a Joomla 1.6 installation.

The default options are being used for the exploit module.

Only the RHOST option was modified to the site name.

However, when I run the exploit, I keep receiving a timeout connection. After several attempts, it was able to send out a GET request to the site to detect the version of Joomla running. However, it again gives a connection timeout error and fails.

I am able to open the site from my browser without any issues and also ping it.

I ran wireshark while the exploit module was running and after sending the first GET request to the Joomla site, it doesn't send any traffic after that to the destination site.

Here is the output of the exploit module:

[*] Started reverse handler on 127.0.0.1:4444 
[*] Initializing exploit code ...
################################################
# Joomla! 1.6.0 SQL Injection -> PHP execution #
################################################
# By James Bercegay # http://www.gulftech.org/ #
################################################
[*] Attempting to determine Joomla version
[*] The target is running Joomla version : 1.6
[-] Exploit exception: The connection timed out (salt-earth.com:80).
[*] Exploit completed, but no session was created.

I checked the code of the module and modified the timeout in GET wrapper here:

325:    def http_get(url, headers = {}, timeout = 60)
357:        }, timeout)

Even then, the exploit times out.

Any suggestions?

Thanks.





_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
