Entries Tagged with ‘vulnerability’
Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability within the Joomla component BF Quiz I found a few hours ago. Please click here to download the Python sploit. Usage example: python joomla_com_bfquiz_sploit.py -u "http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34" Features: – Check if the provided URL is reachable – Display current database, [...]
Please view the original advisory here. The Joomla Component BF Quiz fails to sanitize the input passed through the parameter “catid”. Therefore the software is exposed to SQL injection attacks. I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this [...]
Please view the full advisory/exploit here. The Joomla Component Reservations is exposed to XSS attacks.
Today I decided to release my Joomla com_qpersonal SQL Injection Remote Exploit. It exploits a SQL injection vulnerability I found a few weeks ago. The sploit is based on my column fuzzer and the enhanced Joomla exploitation tool I wrote. You can find the exploit here.
Edit 23rd May: Version 1.1 released. Today I released the Full Automated Column Finder for SQL Injection (Python script). It is a column fuzzer which helps you save time. [Download here] Description The Full Automated Column Finder helps you to determine the correct number of columns of the current SQL query. It is useful for [...]
Please view the original advisory here. The Joomla component JE Job suffers from a Local File Inclusion vulnerability. Furthermore XSS attacks may be possible. Example URI = index.php?option=com_jejob&view=../../../../../../etc/passwd%00 It is highly recommended to activate the PHP directive open_basedir and configure it correctly.
Please view the original advisory here. The Joomla component JE Ajax Event Calendar suffers from a Local File Inclusion vulnerability. Example URI = index.php?option=com_jeajaxeventcalendar&view=../../../../../../etc/passwd%00 Affected version(s): 1.0.3
Please view the original advisory here. The free shoutbox script from damianov.net suffers from an XSS vulnerability. Injecting arbitrary HTML and JavaScript code is possible while adding a new shout, no matter if HTML is allowed in the shoutsettings.php or not. #1 Example: <SCRIPT src=some-script.js></SCRIPT> #2 Example: <SCRIPT>alert("XSS")</SCRIPT> #3 Example: <SCRIPT>alert(document.cookie)</SCRIPT> #4 Example: <script>document.location.href="http://www.google.de"</script> [...]
View the advisory here. The image gallery script “Auto-Img-Gallery” suffers from an XSS vulnerability. Furthermore SQL injection might be possible since I got some SQL errors just by browsing through the script and playing around with the URI. Still need to find out if there is a way to exploit this.
Please view the txt advisory here. The actually very nice guestbook “Guestbook PHP” suffers from an XSS vulnerability. The guestbook fails to properly sanitize the user input when a new entry is added. When HTML/JavaScript code is added, it gets displayed/parsed when the new entry was successfully submitted. Furthermore the code gets executed when [...]