Vendor: Joomla Component wmtPic
By: **RoAd_KiLlEr**
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Joomla Component wmtPic
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:webmaster-tips:joomla_component_wmtpic
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2/SP3
2011

Joomla Component com_wmtpic SQL Injection Vulnerability

A SQL injection vulnerability exists in Joomla component com_wmtpic, due to improper sanitization of user-supplied input in the 'Itemid' parameter. An attacker can exploit this vulnerability to execute arbitrary SQL commands in the application's database, allowing for the manipulation or disclosure of arbitrary data.

Mitigation:

Upgrade to the latest version of Joomla component com_wmtpic.
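
A defender-side check for the issue described above, added here as an example and not taken from the advisory or the component: it scans web server access logs for com_wmtpic requests whose Itemid is not a plain integer. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed input: Apache/nginx "combined" access log lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*"'
)
INT_RE = re.compile(r"[0-9]{1,10}")

def suspicious_itemid(target):
    """Return non-integer Itemid values sent to com_wmtpic, else []."""
    # parse_qs percent-decodes values, so encoded characters are seen decoded.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    params = {}
    for name, values in query.items():
        # Fold names to lower case so "itemid" and "Itemid" are both checked.
        params.setdefault(name.lower(), []).extend(values)
    if "com_wmtpic" not in (v.lower() for v in params.get("option", [])):
        return []
    # Itemid is Joomla's numeric menu item id; blank or non-digit values are flagged.
    return [v for v in params.get("itemid", []) if not INT_RE.fullmatch(v)]

def scan(lines):
    """Return (line_number, client_ip, bad_values) for each flagged request."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if match is None:
            continue  # not a request line in the assumed format
        bad = suspicious_itemid(match.group("target"))
        if bad:
            findings.append((number, match.group("ip"), bad))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2011:10:01:02 +0000] "GET /index.php?option=com_wmtpic&Itemid=53 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [12/Mar/2011:10:04:40 +0000] "GET /index.php?option=com_wmtpic&Itemid=53%27 HTTP/1.1" 500 312',
    '192.0.2.77 - - [12/Mar/2011:10:04:41 +0000] "GET /index.php?option=com_wmtpic&Itemid=53&itemid=abc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [12/Mar/2011:10:05:00 +0000] "GET /index.php?option=com_content&Itemid=x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Access logs record only the query string, so values submitted in a POST body are not covered by this check.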

Exploit-DB raw data:

1                ###########################################           1
0                I'm **RoAd_KiLlEr**  member from Inj3ct0r Team        1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title     : Joomla  Component  com_wmtpic  SQL Injection Vulnerability
[+]Author    : **RoAd_KiLlEr**
[+]Contact   : RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on : Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Found by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://a-h-crew.net    
[~] Vendor: http://www.webmaster-tips.net
[~] Download App: http://www.webmaster-tips.net/Download/View-details/9-Joomla-Components/183-Joomla-1.5-Flash-Gallery-wmtPic.html
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
Flash based image gallery for Joomla. Joomla component wmtPic, with thumbnail support, caption and multiple file upload option. Although it is not a must, it is better to put a link back to this site "Joomla component by Webmaster-tips.net " on your website if you can. This Joomla 1.5 Component is licensed under the GPLv2.0.

=========================================

[+] Dork: inurl:"com_wmtpic"

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[Exploit]:  http://127.0.0.1/path/index.php?option=com_wmtpic&Itemid=[] <== SQL-i