Joomla JVideoClip Blind SQL Injection

2013-09-21T00:00:00
ID PACKETSTORM:123340
Type packetstorm
Reporter SixP4ck3r
Modified 2013-09-21T00:00:00

Description

                                        
                                            `================================================================================  
Joomla Component com_jvideoclip (cid|uid|id) Blind SQL Injection / SQL Injection  
================================================================================  
  
Author : SixP4ck3r  
Email & msn : SixP4ck3r@Bolivia.com  
Date : 21 Sept 2013  
Critical Lvl : Medium  
Impact : Exposure of sensitive information  
Where : From Remote  
Blog : http://sixp4ck3r.blogspot.com/  
Credits : To my love!  
Dork : inurl:com_jvideoclip  
  
---------------------------------------------------------------------------  
  
[Exploting..Bug..Demo..]  
  
http://example/index.php?option=com_jvideoclip&view=search&type=user&uid=[SQLi]&Itemid=6  
  
[Blind SQL Injection]  
http://example/index.php?option=com_jvideoclip&view=search&type=user&uid=[bSQLi]&Itemid=6  
  
---------------------------------------------------------------------------  
  
SixP4ck3r from Bolivia  
___EOF____  
`