vendor: Joomla Simple Photo Gallery
by: Mr.Moneer
CVSS: 7.5 HIGH
SQL injection
CWE: 89
Product Name: Joomla Simple Photo Gallery
Affected Version From: 1
Affected Version To: 1
Patch Exists: YES
Related CWE: N/A
CPE: a:apptha:joomla_simple_photo_gallery
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: sqlmap
2015

Joomla Simple Photo Gallery – SQL injection

A SQL injection vulnerability exists in version 1 of the Joomla Simple Photo Gallery component. It allows an attacker to execute arbitrary SQL commands via the 'albumid' parameter in an 'index.php?option=com_simplephotogallery&view=images' request.

Mitigation:

Upgrade to the latest version of Joomla Simple Photo Gallery component.
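
For defenders reviewing web server logs, the following added example (not part of the original advisory or the Exploit-DB entry) flags requests to the component's images view whose albumid value is not a plain integer. The log lines are constructed samples; the function name suspicious_albumid_requests and the rule that a legitimate albumid is a decimal integer are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not taken from the page.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Mar/2015:10:01:02 +0000] "GET /index.php?option=com_simplephotogallery&view=images&albumid=7 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Mar/2015:10:01:40 +0000] "GET /index.php?option=com_simplephotogallery&view=images&albumid=7%27 HTTP/1.1" 500 312
203.0.113.9 - - [13/Mar/2015:10:01:41 +0000] "GET /index.php?view=images&albumid=7%20AND%201%3D1&option=com_simplephotogallery HTTP/1.1" 200 5120
198.51.100.4 - - [13/Mar/2015:10:02:10 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 8841
198.51.100.4 - - [13/Mar/2015:10:02:15 +0000] "POST /index.php?option=com_simplephotogallery&view=images&albumid=2&albumid=x HTTP/1.1" 200 100
"""

# Client IP, request target and status code from one combined-format line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Assumption: a legitimate albumid is a short decimal integer.
VALID_ALBUMID = re.compile(r"[0-9]{1,10}")


def suspicious_albumid_requests(log_text):
    """Return (ip, status, decoded albumid) for gallery requests with a non-integer albumid."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        # parse_qs percent-decodes values and keeps every repeat of a parameter,
        # so parameter order and duplicated albumid values are both handled.
        query = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if "com_simplephotogallery" not in query.get("option", []):
            continue
        if "images" not in query.get("view", []):
            continue
        for value in query.get("albumid", []):
            if not VALID_ALBUMID.fullmatch(value):
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, value in suspicious_albumid_requests(SAMPLE_LOG):
        print(f"{ip} status={status} albumid={value!r}")
```

A hit paired with a 500 status or an unusual response size is worth correlating with database error logs from the same time window.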

Exploit-DB raw data:

#======================================================================================
#  Title : Joomla Simple Photo Gallery - SQL injection
#
#  Author : Mr.Moneer
#
#  Dork Google 1: inurl:/com_simplephotogallery site:com
#  Dork Google 2: inurl:/com_simplephotogallery site:org
#  Dork Google 3: inurl:/com_simplephotogallery site:fr
#  Dork Google 4: inurl:/com_simplephotogallery/
#
# Date : 13-03-2015
#
#
# Vendor Homepage: https://www.apptha.com/
#
# Source Plugin: https://www.apptha.com/category/extension/joomla/simple-photo-gallery
#
# Version : 1
#
# Tested on : sqlmap
#
#======================================================================================
#
#  Example :
#
#
http://www.site.com/index.php?option=com_simplephotogallery&view=images&albumid=[Sqli]
#
#
#  video Demo :  http://youtu.be/-QjCMAB3vrg
#
#   facebook : https://www.facebook.com/moneer.massoud
#   youtube  : https://www.youtube.com/user/moneermasoud
#   google+  : https://plus.google.com/u/0/+moneermassoud
#
#
#
#   Greets To : Alansary | Moad Hack | Ly Ghost
#
#======================================================================================