Search...

Joomla onisMusic 2 SQL Injection

2017-02-12T00:00:00

ID PACKETSTORM:141036
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2017-02-12T00:00:00

Description

                                        
                                            `# Exploit Title: Joomla Component onisMusic 2 - SQL Injection  
# Date: 2017-02-11  
# Home : https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/onismusic/  
# Exploit Author: Persian Hack Team  
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)  
# Home : http://persian-team.ir/  
# Telegram Channel AND Demo: @PersianHackTeam  
# Google Dork : inurl:option=com_onismusic  
# Tested on: Linux  
  
# POC :  
# tag Parameter Vulnerable to SQL Injection  
# http://www.Target.com/index.php?option=com_onismusic&view=songs&tag=[SQL]  
  
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members  
# Iranian white hat Hackers  
  
`

JSON Vulners Source

Initial Source

{"title": "Joomla onisMusic 2 SQL Injection", "published": "2017-02-12T00:00:00", "references": [], "type": "packetstorm", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2017-02-13T17:04:58"}, "vulnersScore": 7.5}, "cvelist": [], "sourceData": "`# Exploit Title: Joomla Component onisMusic 2 - SQL Injection \n# Date: 2017-02-11 \n# Home : https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/onismusic/ \n# Exploit Author: Persian Hack Team \n# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com) \n# Home : http://persian-team.ir/ \n# Telegram Channel AND Demo: @PersianHackTeam \n# Google Dork : inurl:option=com_onismusic \n# Tested on: Linux \n \n# POC : \n# tag Parameter Vulnerable to SQL Injection \n# http://www.Target.com/index.php?option=com_onismusic&view=songs&tag=[SQL] \n \n# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members \n# Iranian white hat Hackers \n \n`\n", "viewCount": 16, "hash": "487dcbf83bc216bfb9c3ad2c520347a3287c4e43a5dc86a6b691a504b562201d", "sourceHref": "https://packetstormsecurity.com/files/download/141036/joomlaonismusic2-sql.txt", "id": "PACKETSTORM:141036", "modified": "2017-02-12T00:00:00", "history": [], "href": "https://packetstormsecurity.com/files/141036/Joomla-onisMusic-2-SQL-Injection.html", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "ae8dc6bed7898a1d82c1b12a633a2aa6", "key": "href"}, {"hash": "3d99ce29530b5a6482bf5794ec198955", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "3d99ce29530b5a6482bf5794ec198955", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "22199c92ec48ba055dc0101f7e859d80", "key": "reporter"}, {"hash": "c9267ce30b73b9d874e9e1fa7f5320eb", "key": "sourceData"}, {"hash": "3544ca31ec9cef2e8272438cf8a25f24", "key": "sourceHref"}, {"hash": "db1af731eccc5f4de5e3d317debb759e", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "objectVersion": "1.2", "edition": 1, "description": "", "bulletinFamily": "exploit", "reporter": "Mojtaba MobhaM", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2017-02-13T17:04:58"}