
4 new exploits Serv-U FTP Server < 5.2 - Remote Denial of Service RhinoSoft Serv-U FTP Server < 5.2 - Remote Denial of Service Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service RhinoSoft Serv-U FTP Server 7.3 - Authenticated (stou con:1) Denial of Service Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service RhinoSoft Serv-U FTP Server 7.4.0.1 - (SMNT) Authenticated Denial of Service FTPShell Server 6.36 - '.csv' Local Denial of Service Serv-U FTP Server 3.x < 5.x - Privilege Escalation RhinoSoft Serv-U FTP Server 3.x < 5.x - Privilege Escalation Wampserver 3.0.6 - Insecure File Permissions Privilege Escalation Serv-U FTP Server 7.4.0.1 - (MKD) Create Arbitrary Directories Exploit RhinoSoft Serv-U FTP Server 7.4.0.1 - 'MKD' Create Arbitrary Directories Exploit Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal Cat Soft Serv-U FTP Server 2.4/2.5 - FTP Directory Traversal IndexScript 2.8 - (show_cat.php cat_id) SQL Injection IndexScript 2.8 - 'cat_id' Parameter SQL Injection GForge < 4.6b2 - (skill_delete) SQL Injection GForge < 4.6b2 - 'skill_delete' Parameter SQL Injection torrenttrader classic 1.07 - Multiple Vulnerabilities TorrentTrader Classic 1.07 - Multiple Vulnerabilities Camera Life 2.6.2 - 'id' SQL Injection Camera Life 2.6.2 - 'id' Parameter SQL Injection Full PHP Emlak Script - 'arsaprint.php id' SQL Injection Full PHP Emlak Script - 'arsaprint.php' SQL Injection CCMS 3.1 - (skin) Multiple Local File Inclusion CCMS 3.1 - 'skin' Parameter Local File Inclusion JMweb - Multiple (src) Local File Inclusion JMweb - 'src' Parameter Local File Inclusion geccBBlite 2.0 - (leggi.php id) SQL Injection geccBBlite 2.0 - 'id' Parameter SQL Injection PHP-Fusion Mod raidtracker_panel - (INFO_RAID_ID) SQL Injection PHP-Fusion Mod recept - (kat_id) SQL Injection PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' Parameter SQL Injection PHP-Fusion Mod recept - 'kat_id' Parameter SQL Injection Yerba SACphp 6.3 - (mod) Local File Inclusion 
Yerba SACphp 6.3 - Local File Inclusion Joomla! Component com_hotspots - (w) SQL Injection Joomla! Component com_hotspots - SQL Injection PHP Realtor 1.5 - (view_cat.php v_cat) SQL Injection PHP Auto Dealer 2.7 - (view_cat.php v_cat) SQL Injection PHP Autos 2.9.1 - (searchresults.php catid) SQL Injection Built2Go PHP Realestate 1.5 - (event_detail.php) SQL Injection PHP Realtor 1.5 - 'v_cat' Parameter SQL Injection PHP Auto Dealer 2.7 - 'v_cat' Parameter SQL Injection PHP Autos 2.9.1 - 'catid' Parameter SQL Injection Built2Go PHP Realestate 1.5 - 'event_detail.php' SQL Injection AdMan 1.1.20070907 - 'campaignId' SQL Injection AdMan 1.1.20070907 - 'campaignId' Parameter SQL Injection Gforge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - (skill_edit) SQL Injection GForge 4.5.19 - Multiple SQL Injections Gforge 4.6 rc1 - 'skill_edit' Parameter SQL Injection camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting Camera Life 2.6.2b4 - SQL Injection / Cross-Site Scripting IranMC Arad Center - 'news.php id' SQL Injection IranMC Arad Center - SQL Injection Ayco Okul Portali - (linkid) SQL Injection (tr) Ayco Okul Portali - 'linkid' Parameter SQL Injection Easynet4u faq Host - 'faq.php faq' SQL Injection Easynet4u faq Host - 'faq.php' SQL Injection MunzurSoft Wep Portal W3 - (kat) SQL Injection Easynet4u Link Host - 'cat_id' SQL Injection SlimCMS 1.0.0 - (redirect.php) Privilege Escalation Joomla! Component ownbiblio 1.5.3 - 'catid' SQL Injection MunzurSoft Wep Portal W3 - 'kat' Parameter SQL Injection Easynet4u Link Host - 'cat_id' Parameter SQL Injection SlimCMS 1.0.0 - 'redirect.php' Privilege Escalation Joomla! 
Component ownbiblio 1.5.3 - 'catid' Parameter SQL Injection Real Estate Scripts 2008 - 'index.php cat' SQL Injection Real Estate Scripts 2008 - 'cat' Parameter SQL Injection ParsBlogger - 'links.asp id' SQL Injection IndexScript 3.0 - (sug_cat.php parent_id) SQL Injection ParsBlogger - 'links.asp' SQL Injection IndexScript 3.0 - 'parent_id' Parameter SQL Injection XOOPS Module xhresim - 'index.php no' SQL Injection XOOPS Module xhresim - SQL Injection SezHoo 0.1 - (IP) Remote File Inclusion SezHoo 0.1 - Remote File Inclusion torrenttrader classic 1.09 - Multiple Vulnerabilities TorrentTrader Classic 1.09 - Multiple Vulnerabilities AdaptCMS Lite 1.5 2009-07-07 - Exploit AdaptCMS Lite 1.5 - Arbitrary Add Admin Absolute Poll Manager XE 4.1 - xlaapmview.asp Cross-Site Scripting Absolute Poll Manager XE 4.1 - 'xlaapmview.asp' Cross-Site Scripting GForge 3.1/4.5/4.6 - Verify.php Cross-Site Scripting GForge 3.1/4.5/4.6 - 'Verify.php' Cross-Site Scripting OpenNMS 1.5.x - j_acegi_security_check j_username Parameter Cross-Site Scripting OpenNMS 1.5.x - notification/list.jsp 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - event/list filter Parameter Cross-Site Scripting OpenNMS 1.5.x - 'j_username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'Username' Parameter Cross-Site Scripting OpenNMS 1.5.x - 'filter' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - DomainConfig.do Operation Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - jsp/AddDC.jsp domainName Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'Operation' Parameter Cross-Site Scripting ManageEngine ADManager Plus 5.2 Build 5210 - 'domainName' Parameter Cross-Site Scripting Joomla! Component Blog Calendar - SQL Injection PHPMailer 5.2.17 - Remote Code Execution
==========================================================================================
Joomla com_blog_calendar SQL Injection Vulnerability
==========================================================================================
:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Joomla com_blog_calendar SQL Injection Vulnerability
: # Date : 26th December 2016
: # Author : X-Cisadane
: # CMS Name : Joomla
: # CMS Developer : http://joomlacode.org/gf/project/blog_calendar/
: # Category : Web Application
: # Vulnerability : SQL Injection
: # Tested On : SQLMap 1.0.12.9#dev
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan
:-------------------------------------------------------------------------------------------------------------------------:
A SQL Injection Vulnerability has been discovered in the Joomla Module called com_blog_calendar.
The Vulnerability is located in the index.php?option=com_blog_calendar&modid=xxx Parameter.
Attackers are able to execute own SQL commands by usage of a GET Method Request with manipulated modid Value.
Attackers are able to read Database information by execution of own SQL commands.
DORKS (How to find the target) :
================================
inurl:/index.php?option=com_blog_calendar
Or use your own Google Dorks :)
Proof of Concept
================
SQL Injection
PoC :
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi] |
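Review bot: The header block of this new entry never states which version of com_blog_calendar is affected. The "Tested On" field reads "SQLMap 1.0.12.9#dev", which names the testing tool rather than the Joomla or extension release that was tested, so a reader triaging their own installs cannot tell whether they are in scope. Suggest adding an affected-version line to the header, or stating explicitly that the version is unknown, and moving the SQLMap version to a separate tool field. The description also calls the extension a "Joomla Module" while the com_ prefix and the commit message's title "Joomla! Component Blog Calendar - SQL Injection" both indicate a component; the body should use the same term as the title so the entry can be matched against an extension inventory.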