CVE-2010-0759
published 2010-02-27CVE-2010-0759: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for…
PriorityP269high7.5CVSS 2.0
AVNACLAuNCPIPAP
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
14.96%
96.3th percentile
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| greatjoomla | scriptegrator_plugin | — | — |
Detection & IOCsextracted from sources · hover to see the quote
url{{BaseURL}}/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd↗
urlhttp://server/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd↗
- →Look for HTTP GET requests targeting jsloader.php with a 'files[]' parameter containing path traversal sequences (e.g., /etc/passwd or ../../) in the URL path /plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php. ↗
- →The exploit uses the HTTP GET parameter 'files[]' to pass arbitrary file paths to PHP's include() function; monitor web logs for requests with 'files[]=' containing absolute paths or traversal sequences. ↗
- →Successful exploitation returns the contents of /etc/passwd; detect by matching the response body for the pattern 'root:.*:0:0:' on HTTP 200 responses to the vulnerable endpoint. ↗
- →CVE-2010-0760 covers a related but distinct vector: the 'file' parameter to libraries/jquery/js/ui/jsloader.php and 'files[]' to libraries/jquery/js/jsloader.php — monitor those paths as well. ↗
- ·Exploitation is limited to Local File Inclusion (LFI) only — remote file inclusion is blocked by an is_file() check, so only files readable by the httpd user on the local filesystem can be included/executed. ↗
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-52q3-cgph-xhf4: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2010-0759 [MEDIUM] CWE-22 GHSA-52q3-cgph-xhf4: Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
GHSA
GHSA-9jjc-8wp4-j2mp: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2010-0760 [HIGH] CWE-22 GHSA-9jjc-8wp4-j2mp: Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1
Multiple directory traversal vulnerabilities in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) file parameter to libraries/jquery/js/ui/jsloader.php and the (2) files[] parameter to libraries/jquery/js/jsloader.php, a different vector than CVE-2010-0759. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
VulnCheck
greatjoomla scriptegrator_plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
vulncheck·2010·CVSS 7.5
CVE-2010-0759 [HIGH] greatjoomla scriptegrator_plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
greatjoomla scriptegrator_plugin Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter, a different vector than CVE-2010-0760.
Affected: greatjoomla scriptegrator_plugin
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2010-0759
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UPDATE"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005050; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acces
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i INSERT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005041; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UPDATE"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005056; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_tec
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i UNION SELECT"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005052; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acc
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id DELETE"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005048; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i ASCII"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005043; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id UNION SELECT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005046; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UPDATE"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"UPDATE"; nocase; content:"SET"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005045; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id INSERT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005047; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i SELECT"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005051; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id SELECT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005044; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php post_id ASCII"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"post_id="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005049; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Acce
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i ASCII"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"ASCII("; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005055; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i INSERT"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"INSERT"; nocase; content:"INTO"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005053; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- list_comments.php i DELETE"; flow:established,to_server; http.uri; content:"/list_comments.php?"; nocase; content:"i="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005054; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_te
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i UNION SELECT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"UNION"; nocase; content:"SELECT"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005040; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, m
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i DELETE"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"DELETE"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005042; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2007-0759 [HIGH] ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT
ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS EasyMoblog SQL Injection Attempt -- add_comment.php i SELECT"; flow:established,to_server; http.uri; content:"/add_comment.php?"; nocase; content:"i="; nocase; content:"SELECT"; nocase; content:"FROM"; nocase; distance:0; reference:cve,CVE-2007-0759; reference:url,www.securityfocus.com/bid/22369; classtype:web-application-attack; sid:2005039; rev:9; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_11, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Exploit-DB
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
exploitdb·2010-02-18
CVE-2010-0760 Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
---
# Exploit Title: Core Design Scriptegrator plugin for Joomla! 1.5 file inclusion
# Author: S2 Crew [Hungary]
# Tested on: Debian Linux, Apache, Joomla! 1.5
# Code:
There's a file called jsloader.php which takes an array of file names
from the HTTP GET parameters and calls include() on every one of them.
-----------------8
-----------------8<-----------------------------------------------
The problem is that the only protection is the is_file() call (therefore it cannot
be used for remote file inclusion), so it's trivial to exploit this vulnerability to
execute the PHP interpreter on any file on the target system the httpd user can read.
Example:
http://server/plugins/system/cdscriptegrator/libraries/highslide/js/jsl
Nuclei
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
nuclei·CVSS 7.5
CVE-2010-0759 [HIGH] Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequences in the files[] parameter.
Template:
id: CVE-2010-0759
info:
name: Joomla! Plugin Core Design Scriptegrator - Local File Inclusion
author: daffainfo
severity: high
description: A directory traversal vulnerability in plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php in the Core Design Scriptegrator plugin 1.4.1 for Joomla! allows remote attackers to read, and possibly include and execute, arbitrary files via directory traversal sequ
http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txthttp://secunia.com/advisories/38637http://www.exploit-db.com/exploits/11498http://www.osvdb.org/62486http://www.securityfocus.com/bid/38296https://exchange.xforce.ibmcloud.com/vulnerabilities/56380http://packetstormsecurity.org/1002-exploits/joomlascriptegrator-lfi.txthttp://secunia.com/advisories/38637http://www.exploit-db.com/exploits/11498http://www.osvdb.org/62486http://www.securityfocus.com/bid/38296https://exchange.xforce.ibmcloud.com/vulnerabilities/56380
2010-02-27
Published
Exploited in the wild