Joomla Component com_jmsfileseller Local File Inclusion Vulnerability

Please download the original advisory/exploit here. The Joomla component com_jmsfileseller suffers from a Local File Inclusion vulnerability.

URL: index.php?option=com_jmsfileseller&view=<LFI value>&cat_id=1&Itemid=27
Vulnerable parameter: view
Example: index.php?option=com_jmsfileseller&view=../../../etc/passwd%00&cat_id=12&Itemid=27...

The Joomla Hacking Compendium

Download The Joomla Hacking Compendium here. With great pleasure I hereby announce the availability of the new “The Joomla Hacking Compendium”. It contains almost 1000 lines of pure knowledge and shows you the way to hack and protect Joomla. It contains the following chapters: Please find an excerpt below:...

Joomla Component com_jsupport SQL Injection Vulnerability

Please view the original advisory/exploit here. The Joomla component com_jsupport suffers from a remote SQL injection vulnerability. This vulnerability can be found by viewing the component in the Joomla administrator backend.

Examples:
administrator/index.php?option=com_jsupport&task=listTickets&alpha=[SQL Injection]
administrator/index.php?option=com_jsupport&task=listFaqs&alpha=[SQL Injection]...

Joomla Component com_jsupport Critical XSS Vulnerability

Please view the original advisory/exploit here. The Joomla component com_jsupport suffers from a critical XSS vulnerability: The component allows you to create and submit tickets. The tickets can be viewed on the website and in the admin panel. It is possible to inject arbitrary HTML and JS/VBS code into the title field of the ticket. […]...

Joomla Component com_restaurantguide Multiple Vulnerabilities

Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities.

>> SQL Injection
index.php?option=com_restaurantguide&view=country&id='&Itemid=69 (id parameter is vulnerable)

>> HTML/JS/VBS Code Injection (all input fields, also in the admin backend)
It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]...

Joomla Component com_golfcourseguide SQL Injection Vulnerability

Please download/view the original advisory here. The Joomla component com_golfcourseguide fails to sanitize the user input and therefore suffers from a remote SQL injection vulnerability.

Example URL: index.php?option=com_golfcourseguide&view=golfcourses&cid=1&id=[SQL Injection]
Versions affected: v0.9.6.0 beta, v1 beta...