استغلال ثغرة قديمة من سكرسبت Joomla!

+Jooma! Based Firewall Detection

[!] .htaccess shipped with  Joomla!  is being deployed for SEO purpose
[!] It contains some defensive mod_rewrite rules
[!] Payloads that contain strings (mosConfig,base64_encode,**********
GLOBALS,_REQUEST) wil be responsed with 403.

+Version Information

~Generic version family ....... [1.5.x]

~1.5.x en-GB.ini revealed [1.5.12 - 1.5.14]

Deduced version range is : [1.5.12 - 1.5.14]

+Components Found in front page (7)
com_mailto
com_content
com_gcalendar
com_eventlist
com_jquickcontact
com_kunena
com_newsfeeds


Vulnerability Assessment Result 


+Vulnerabilities Discovered
Info -> Generic: Unprotected Administrator directory
Versions Affected: Any
Exploit: 

Vulnerable? N/A

Info -> Core: Admin Backend Cross Site Request Forgery Vulnerability
Versions effected: 1.0.13 <=
Exploit: 

Vulnerable? Yes

Info -> CorePlugin: TinyMCE TinyBrowser addon multiple vulnerabilities
Versions effected:  Joomla!  1.5.12 
Check:  site . com/ plugins /editors / tinymce / jscripts/tiny_mce/ plugins / tinybrowser /  
Exploit: 

Vulnerable? Yes

Info -> CoreComponent: com_mailto timeout Vulnerability
Versions effected: 1.5.13 <=
Check: http : // site . com / components / com_mailto /  
Exploit: 

Vulnerable? Yes

Info -> Component: Joomla Component com_djartgallery Multiple Vulnerabilities
Versions Affected: 0.9.1 <= 
Check: http : // site . com / administrator / index.php?option=com_djartgallery&task=editItem&cid[]=1'+and+1=1+--+  
Exploit: 

Vulnerable? N/A