exploits icon indicating copy to clipboard operation
exploits copied to clipboard

Published 20 hours ago verified publisher icon XiphosResearch

Can only concatenate str

Open ghost opened this issue 5 years ago • 10 comments

python joomblah.py http://10.xx.xx.xx.

Traceback (most recent call last): File "joomblah.py", line 186, in sys.exit(main("http://IP:8080/joomla")) File "joomblah.py", line 183, in main pwn_joomla_again(options) File "joomblah.py", line 147, in pwn_joomla_again tables = extract_joomla_tables(options, sess, token) File "joomblah.py", line 74, in extract_joomla_tables result = joomla_370_sqli_extract(options, sess, token, "TABLE_NAME", "FROM information_schema.tables WHERE TABLE_NAME LIKE 0x257573657273 LIMIT " + str(offset) + ",1" ) File "joomblah.py", line 46, in joomla_370_sqli_extract result += value TypeError: can only concatenate str (not "bytes") to str

ghost avatar Apr 25 '20 22:04 ghost

Try explicitly casting the variable. eg. result += str(value)

somesh-bhandarkar avatar Jun 15 '20 12:06 somesh-bhandarkar

Try explicitly casting the variable. eg. result += str(value)

Changing this, the script runs without an error, but the output is not satisfying at all. It looks like something is missing/cut off:


python3 joomblah.py http://10.XXX.XXX.XXX/
[-] Fetching CSRF token
 [-] Testing SQLi
  -  Found table: b'fb9j5_users'
  -  Extracting users from b'fb9j5_users'
  -  Extracting sessions from b'fb9j5_usession

stempst0r avatar Sep 22 '20 08:09 stempst0r

Getting the same error!

samjain2907 avatar Oct 15 '20 13:10 samjain2907

Do any one found the solution.

mild0wl avatar Oct 22 '20 12:10 mild0wl

Run the script using python2 instead of python3 if you get an error message about a missing request module, install it via pip.

Scytex avatar Oct 24 '20 12:10 Scytex

  1. Install pip with Python2.7 curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py python2.7 get-pip.py
  2. Install the "requests" module python2.7 -m pip install requests
  3. Run the exploit python2.7 joomblah.py <IP>

0xhsn avatar Nov 08 '20 22:11 0xhsn

Had the same issue. Created a pull request which contains a python3-compatible joombla.py file.

https://github.com/XiphosResearch/exploits/pull/18

mats-codes avatar Nov 09 '20 18:11 mats-codes

1.Install pip with Python2.7 ### curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip.py

python2.7 get-pip.py

2.Install the "requests" module

python2.7 -m pip install requests

3.Run the exploit ### python2.7 joomblah.py <IP>

Thanks timyc00k i just changed the first step.

owaisqaa avatar May 08 '21 01:05 owaisqaa

  1. Install pip with Python2.7 curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py python2.7 get-pip.py
  2. Install the "requests" module python2.7 -m pip install requests
  3. Run the exploit python2.7 joomblah.py <IP>

solved.. thanks

theperrinpages avatar Sep 11 '21 15:09 theperrinpages