Joomla VideoFlow 1.2.0 SQL Injection

Exploit Title: Joomla VideoFlow 1.2.0 - SQL Injection Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM Mojtaba Kazemi Vendor Home : https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/videoflow/ My Home : http://persian-team.ir/ Google Dork :...

Joomla! Component onisQuotes 2.5 - tag SQL Injection

Joomla! Component onisQuotes 2.5 - tag SQL Injection Exploit Title: Joomla Component onisQuotes 2.5 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/news-display/quotes/onisquotes/ Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM...

Zarafe CMS 1.0 Cross Site Request Forgery

Exploit Title : Zarafe CMS 1.0 / CSRF Rest Admin Password Exploit Author : Persian Hack Team Vendor Homepage : http://www.zarrafeh.net/ Category: Webapps Tested on: Win Version: 1.0 Date: 2016/08/27 PoC: Exploit codes: ================ Rest Admin Password The Code for zarafe.html is Zarafe CMS CS...

WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)

WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery Add Catetory Exploit Title : WordPress Lazy content Slider Plugin - CSRF Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider Category: Webapps...

WordPress Plugin Lazy Content Slider 3.4 - Cross-Site Request Forgery (Add Catetory)

Exploit Title : WordPress Lazy content Slider Plugin - CSRF Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider Category: Webapps Tested on: Win Version: 3.4 Date: 2016/07/08 PoC: The vulnerable page is...

WordPress Lazy Content Slider 3.4 Cross Site Request Forgery

Exploit Title : WordPress Lazy content Slider Plugin - CSRF Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : https://wordpress.org/support/view/plugin-reviews/lazy-content-slider Category: Webapps Tested on: Win Version: 3.4 Date: 2016/07/08 PoC: The vulnerable page is...

Joomla Catfiltering 1.5.4 SQL Injection

Exploit Title : Joomla comcatfiltering - SQL Injection Exploit Author : Persian Hack Team Google Dork : inurl:index.php?option=comcatfiltering Category: Webapps Tested on: Win Version: 1.5.4 Date: 2016/06/14 PoC: flt1= Get Parameter Vulnerable To SQL Demo :...

Joomla! Component com_payplans 3.3.6 - SQL Injection

Exploit Title : Joomla compayplans - SQL Injection Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/payplans Category: Webapps Tested on: Win Version: 3.3.6 Date: 2016/06/08 PoC: groupid Parameter Vulnerable To SQL Demo :...

Joomla Maqma Helpdesk 4.2.3 Cross Site Scripting

Exploit Title : Joomla commaqmahelpdesk - XSS Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/maqma-helpdesk Category: Webapps Tested on: Win Date: 2016/06/09 Version : 4.2.3 PoC: Add Your Tiket sometimes you must login First in Message Te...

Joomla iCagenda 3.5.15 Cross Site Scripting

Exploit Title : Joomla iCagenda Cross Site Scripting Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/calendars-a-events/icagenda Google Dork : inurl:index.php?option=comicagenda Date: 2016/03/22 Version: 3.5.5 up to 3.5.15 Payload : " Demo...

A.Shop 3.9.3 Cross Site Scripting

Exploit Title : A.Shop 3.9.3 Cross Site Scripting Exploit Author : Persian Hack Team Vendor Homepage : http://www.ashopsoftware.com/tour-dx/shopping-cart-catalog.htm Google Dork : inurl:"/ashop/catalogue.php?cat= " Date: 2016/02/12 Version = 3.9.3 PoC: msg=XSS Payload = alert1;...

SMEweb 1.5f Cross Site Scripting / SQL Injection

Exploit Title : SMEweb 1.5f Multiple Vulnerability Exploit Author : Persian Hack Team Vendor Homepage : http://www.ebizzi.net/ Google Dork : "Powered by SMEweb" Date: 2016/02/07 Version: 1.5f PoC: 1-Admin Page Bypass Username : '=''or' Password : '=''or' Demo :...

gnCMS Remote PHP Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title : gnCMS Remote PHP Code Execution Exploit Author : Persian Hack Team Vendor Homepage : www.groupnet.gr Google Dork : "powered by gnCMS" Version : 1.0.1 Date: 2015/12/19 PoC: Vulnerable Paramter module= Demo:...