arab nationalist party (baath-party) vuln

###################################################################

# Exploit Title : arab nationalist party vuln
# Author [ Discovered By ] : At0m - Turkish Defacer and Bug Resarcher
# Tested On : Windows and Linux
# host : http://www.baath-party.org/
# no firewall detected
# joomla version : 1.7
# admin login : http://www.baath-party.org/administrator/


[+] Core Joomla Vulnerability
[++] Joomla! < 1.7.0 - Multiple Cross-Site Scripting Vulnerabilities
EDB : https://www.exploit-db.com/exploits/36176/
                                                                                                                                                
Joomla! 'redirect.php' SQL Injection Vulnerability                                                                                              
EDB : https://www.exploit-db.com/exploits/36913/                                                                                                
                                                                                                                                                
Joomla! 1.5 < 3.4.5 - Object Injection Remote Command Execution                                                                                 
CVE : CVE-2015-8562                                                                                                                             
EDB : https://www.exploit-db.com/exploits/38977/                                                                                                
                                                                                                                                                
Joomla! 1.0 < 3.4.5 - Object Injection 'x-forwarded-for' Header Remote Code Execution                                                           
CVE : CVE-2015-8562 , CVE-2015-8566                                                                                                             
EDB : https://www.exploit-db.com/exploits/39033/                                                                                                
                                                                                                                                                
Joomla! Core Remote Privilege Escalation Vulnerability                                                                                          
CVE : CVE-2016-9838                                                                                                                             
EDB : https://www.exploit-db.com/exploits/41157/                                                                                                
                                                                                                                                                
Joomla! 1.6/1.7/2.5 privilege escalation vulnerability                                                                                          
CVE : CVE-2012-1563                                                                                                                             
EDB : https://www.exploit-db.com/exploits/41156/                                                                                                
                                                                                                                                                
PHPMailer Remote Code Execution Vulnerability                                                                                                   
CVE : CVE-2016-10033                                                                                                                            
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection                                                                    
https://github.com/opsxcq/exploit-CVE-2016-10033                                                                                                
EDB : https://www.exploit-db.com/exploits/40969/                                                                                                
                                                                                                                                                
PPHPMailer Incomplete Fix Remote Code Execution Vulnerability                                                                                   
CVE : CVE-2016-10045                                                                                                                            
https://www.rapid7.com/db/modules/exploit/multi/http/phpmailer_arg_injection                                                                    
EDB : https://www.exploit-db.com/exploits/40969/ 


--------------------------------------------------
Interesting path found from robots.txt                                                                                                          
http://www.baath-party.org/joomla/administrator/                                                                                                
http://www.baath-party.org/administrator/                                                                                                       
http://www.baath-party.org/cache/                                                                                                               
http://www.baath-party.org/components/                                                                                                          
http://www.baath-party.org/images/                                                                                                              
http://www.baath-party.org/includes/                                                                                                            
http://www.baath-party.org/installation/                                                                                                        
http://www.baath-party.org/language/                                                                                                            
http://www.baath-party.org/libraries/                                                                                                           
http://www.baath-party.org/logs/                                                                                                                
http://www.baath-party.org/media/                                                                                                               
http://www.baath-party.org/modules/                                                                                                             
http://www.baath-party.org/plugins/                                                                                                             
http://www.baath-party.org/templates/                                                                                                           
http://www.baath-party.org/tmp/ 
--------------------------------------------


#[+] https://en.wikipedia.org/wiki/Arab_Socialist_Ba%27ath_Party_%E2%80%93_Syria_Region - official website
# Thanks to m3t4l