Joomla Component BF Quiz SQL Injection Exploit

Joomla Component BF Quiz SQL Injection Exploit released

Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability within the Joomla component BF Quiz I found a few hours ago. Please click here to download the Python sploit.

Usage example: python joomla_com_bfquiz_sploit.py -u "http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34"

Features:
- Check if the provided URL is reachable
- Display current database, […]

Joomla Component BF Quiz SQL Injection Vulnerability

Please view the original advisory here. The Joomla Component BF Quiz fails to sanitize the input passed through the parameter "catid". Therefore the software is exposed to SQL injection attacks. I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this […]

Automated Joomla SQL Injection Exploiter

Today I am releasing my Automated Joomla SQL Injection Exploiter version 1.0 (23rd May 2010). [Download here] I wrote this tool because I did not want to write a new exploit every time a new Joomla (component/module/plugin) SQL injection vulnerability was discovered/revealed. Simply hand over a vulnerable Joomla URL to the tool and receive all Joomla […]

Joomla com_qpersonel SQL Injection Remote Exploit released

Today I decided to release my Joomla com_qpersonel SQL Injection Remote Exploit. It exploits a SQL injection vulnerability I found a few weeks ago. The sploit is based on my column fuzzer and the enhanced Joomla exploitation tool I wrote. You can find the exploit here.
Full Automated Column Finder for SQL Injection by Valentin Hoebel

Full Automated Column Finder for SQL Injection released

Edit 23rd May: Version 1.1 released. Today I released the Full Automated Column Finder for SQL Injection (Python script). It is a column fuzzer which helps you save time. [Download here]

Description

The Full Automated Column Finder helps you to determine the correct number of columns of the current SQL query. It is useful for […]

Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities

Please view the original advisory here.

# Exploit Title: Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities
# Date: 18.05.2010
# Author: Valentin
# Category: webapps/0day
# Version: 2.0.3
# Tested on:
# CVE :
# Code :

[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Joomla Component ActiveHelper LiveHelp XSS Vulnerabilities
Author = Valentin Hoebel […]