# Exploit Title : Joomla HD FLV Player 2.1.0.1 and below SQL Injection
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.hdflvplayer.net/
#
# Software Link : http://www.hdflvplayer.net/download_count.php?pid=5
#
# Dork google 1: inurl:/component/hdflvplayer/
# Dork google 2: inurl:com_hdflvplayer
#
# Date : 2014-11-11
#
# Tested on : BackBox 3.x/4.x
#
# Info: The variable "id" is not sanitized (again)
# Over 80.000 downloads (statistic reported on official site)
#
#
# Video Demo: http://youtu....
THE PROJECT WAS MOVED TO GITHUB: https://github.com/claudioviviani/wordbrutepress
Intro

After publishing various exploits and vulnerabilities, I have gone back to writing an article where I can share some small technical notions that I have acquired recently.
In recent months I have mainly devoted myself to analyzing the PHP code of various WordPress plugins and to programming in Python.
Since many WordPress plugin vulnerabilities required a user (privileged or not) with access to the restricted area, I thought: why not write the exploits in Python to automate everything?...
claudio@backbox3:~$ python j00m_com_rd_download_sql_injection.py -t http://127.0.0.1
j00ml4 Spid3r C0nt4cts <= 1....