Site on joomla 3.3.1 why doesn't exploit sql injection work?

A

ABU SADDAM SHISHANI2019-01-31 15:48:03

Python

ABU SADDAM SHISHANI, 2019-01-31 15:48:03

Namely, we are talking about CVE-2016-9838, there is also an exploit https://www.exploit-db.com/exploits/41157 written in python, as I understand it, in the code you only need to change the url to the "victims" link, but either I'm doing something wrong, or the site is not subject to this vulnerability (which I doubt very much, since it was not fixed, it must be present in version 3.3.1 as it was stated), but in the terminal it gives the following error
Traceback (most recent call last):
File "joomla_take_over.py", line 39, in
data = {e['name']: e['value'] for e in form.find_all('input')}
AttributeError: 'NoneType' object has no attribute 'find_all'

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

V

Vladimir, 2019-01-31
@MechanID

If the site is located on some large shared hosting, then with a probability of 99% there is mod_security with a set of rules from some provider (for example, Comodo). which actually easily closes such old vulnerabilities.