Good Evening Friends. Today we will see how to exploit the recently found “Joomla Error-Based SQL Injection” vulnerability to enumerate the usernames and password hashes stored on remote servers where Joomla is installed. This vulnerability is found in Joomla versions 3.2 to 3.4.4. The exploit is available in Metasploit. I am testing this exploit on Joomla version 3.4.4.
Start Metasploit and load the exploit as shown below.
Set the required options as shown below and type the command “exploit”. After some time, a text file containing usernames and password hashes is downloaded and stored on your system as shown below.
Now open the text file with any text editor available in Kali Linux. I have used gedit.
This is the text file we have downloaded. As you can see below, it contains the usernames and password hashes of the Joomla installation.
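From the defender's side, the first check is whether any installation you run falls inside the affected range given above (3.2 to 3.4.4). The following is an added example, not part of the original post: it reads the `<version>` element of Joomla's file manifest (`administrator/manifests/files/joomla.xml`) and triages a set of sites; the site names and manifest contents are constructed samples.

```python
import re
import xml.etree.ElementTree as ET

# Affected range as stated in the article: Joomla 3.2 through 3.4.4.
AFFECTED_MIN, AFFECTED_MAX = (3, 2, 0), (3, 4, 4)

def parse_version(text):
    """Turn '3.4.4', '3.2' or '3.4.4-rc1' into a (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def version_from_manifest(xml_text):
    """Read the <version> element from a Joomla file manifest."""
    node = ET.fromstring(xml_text).find("version")
    if node is None or not (node.text or "").strip():
        raise ValueError("manifest has no <version> element")
    return node.text.strip()

def is_affected(version_text):
    # Compare as integer tuples: as strings, "3.10.12" sorts before "3.4.4".
    return AFFECTED_MIN <= parse_version(version_text) <= AFFECTED_MAX

def triage(manifests):
    """Map site -> (version, affected); unreadable manifests give (None, None)."""
    report = {}
    for site, xml_text in manifests.items():
        try:
            version = version_from_manifest(xml_text)
            report[site] = (version, is_affected(version))
        except (ET.ParseError, ValueError):
            report[site] = (None, None)  # needs manual review
    return report

def _manifest(version):
    return f'<extension type="file"><version>{version}</version></extension>'

# Constructed sample inventory (hypothetical site names).
SAMPLE = {
    "intranet": _manifest("3.4.4"),
    "blog": _manifest("3.4.5"),
    "shop": _manifest("3.10.12"),
    "broken": "<extension><name>files_joomla</name></extension>",
}

if __name__ == "__main__":
    for site, (version, hit) in triage(SAMPLE).items():
        print(site, version, "AFFECTED" if hit else "review" if hit is None else "ok")
```

Any site reported as affected should be upgraded past 3.4.4, and its user passwords treated as exposed if the server was reachable while vulnerable.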