[Canvas] D2 Elliot 1.5, April 25 2016

DSquare Security sales at d2sec.com
Tue Apr 26 17:49:15 EDT 2016


D2 Elliot has been updated with 27 new web exploits, including 7 0days. 
Now you have more than 500 exploits available in D2 Elliot. Payloads and 
workflows have been improved. 

This release is focused on Joomla. So we added dedicated workflows for 
plugins scanning, user guessing, login bruteforcing and backdooring. The
bonus is a 0day for Joomla 1.5.x perfectly working for the last release
1.5.26.

D2 Elliot Web Exploitation Framework is regularly updated with new exploits 
and tools to keep a high level of efficiency. If you need customized exploits 
or tools please contact us at info at d2sec.com 

For sales inquiries and orders, please contact sales at d2sec.com

--
DSquare Security, LLC
http://www.d2sec.com 


Changelog:

0days - Added:
 ZE-8 - eclime 1.1.3b LFI
 ZE-9 - VBSEO 3.6.0 RCE
 ZE-10 - appRain SQL Injection
 ZE-11 - Livecart File Upload
 ZE-12 - Bilboplanet SQL Injection
 ZE-13 - Joomla! 1.5.26 SQL Injection
 ZE-14 - OpenEMR 4.2.0 vitals/view.php SQL Injection

Exploits - Added:
 E-495 - OpenMRS Reporting Module 0.9.7 RCE
 E-496 - MyBB 1.8.2 RCE
 E-497 - Symphony 2.6.3 SQL Injection
 E-498 - Exponent 2.3.7 RCE
 E-499 - Joomla Component com_realestate 3.7 SQL Injection
 E-500 - Joomla Component com_pricelist 3.2.1 SQL Injection
 E-501 - Joomla Component com_mydyngallery SQL Injection
 E-502 - Joomla Component com_helpdeskpro SQL Injection
 E-503 - Joomla Component com_jomestate 1.0 SQL Injection
 E-504 - Joomla Component com_hikashop 2.3.2 RCE
 E-505 - Joomla Component com_hikashop LFI
 E-506 - WordPress Simple Ads Manager 2.9.4.116 SQL Injection
 E-507 - phpMoAdmin RCE
 E-508 - Joomla! Administrator File Upload [Templates]
 E-509 - RCE Generic
 E-510 - Joomla! Administrator File Upload [Templates]
 E-511 - Joomla Component com_easy_youtube_gallery 1.0.2 SQL Injection
 E-512 - Wordpress WP Symposium 15.1 SQL Injection
 E-513 - Joomla! Administrator File Upload [Extensions]
 E-514 - WordPress Advanced Video Embed File Disclosure

Payloads - Added:
 P-71 - Python

Workflows - Added:  
 W-49 - Joomla module scanner
 W-50 - Joomla bruteforcer
 W-51 - MySQL Shell Write



More information about the Canvas mailing list