Metasploit mailing list archives
Re: Joomla SQLi to PHPExec
From: Joshua Smith <lazydj98 () gmail com>
Date: Tue, 15 Jan 2013 10:47:36 -0600
Are you setting RHOST to 127.0.0.1? Generally Metasploit doesn't handle 127.0.0.1. You can *sometimes* substitute 127.0.1.1 or any other localhost address. Try running your Joomla instance on one of your proper IP addresses and trying it again. You can then tear down the Joomla instance so as not to get exploited by others.

-Josh

On Jan 15, 2013, at 10:39 AM, NeonFlash wrote:
Hello,

I am using the joomla_filter_order exploit. I got the link to the exploit module from here:

http://0x6a616d6573.blogspot.in/2011/04/joomla-160-sql-injection-analysis-and.html

Now, I am using it to test the vulnerability in a Joomla 1.6 installation. The default options are being used for the exploit module. Only the RHOST option was modified to the site name.

However, when I run the exploit, I keep receiving a timeout connection. After several attempts, it was able to send out a GET request to the site to detect the version of Joomla running. However, it again gives a connection timeout error and fails.

I am able to open the site from my browser without any issues and also ping it.

I ran Wireshark while the exploit module was running and after sending the first GET request to the Joomla site, it doesn't send any traffic after that to the destination site.

Here is the output of the exploit module:

[*] Started reverse handler on 127.0.0.1:4444
[*] Initializing exploit code ...

################################################
# Joomla! 1.6.0 SQL Injection -> PHP execution #
################################################
# By James Bercegay # http://www.gulftech.org/ #
################################################

[*] Attempting to determine Joomla version
[*] The target is running Joomla version : 1.6
[-] Exploit exception: The connection timed out (salt-earth.com:80).
[*] Exploit completed, but no session was created.

I checked the code of the module and modified the timeout in the GET wrapper here:

325: def http_get(url, headers = {}, timeout = 60)
357: }, timeout)

Even then, the exploit times out.

Any suggestions?

Thanks.

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework