Right, but a hacker can exploit it with:
http://www.piratesahoy.net/index.php...okie)</script>
Cross-Site Scripting via Multiple SQL Injection Vulnerabilities!!!
The script is vulnerable to SQL injections. The injection opportunity is after the "ORDER BY" keywords in the SQL query, so the "UNION" method will not work to exploit this opportunity. However, Akog displays SQL error messages (implemented in database.php). Therefore, an attacker could pass in script code as part of the injected SQL that generates an SQL error, thereby transforming the SQL injection vulnerability into a cross-site scripting vulnerability. One example of this technique is with SQL injection in it:
http://host/index.php?option=com_ako...unc=detail&id=[SQL code]
which could be exploited as:
http://host/index.php?option=com_ako...unc=detail&id=[SQL code]><script>alert(document.cookie)</script>
earlier is vulnerable.
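The error-message reflection described above, and the two fixes that close it, as an added example that is not part of the original post or the component's own code. It uses Python with an in-memory SQLite table; the table, column names, and the assumption that the error page echoes the failed statement are hypothetical.

```python
import html
import sqlite3

SORTABLE = {"id", "title", "posted"}  # allowlisted ORDER BY columns (hypothetical)


def open_db():
    """Constructed in-memory table standing in for the component's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER, title TEXT, posted TEXT)")
    db.execute("INSERT INTO items VALUES (1, 'hello', '2005-01-01')")
    return db


def error_html(exc, sql, escape):
    """Error page that echoes the driver message and the failed statement
    (assumed behaviour). Unescaped, markup carried in the SQL becomes live
    HTML; escaped, it is shown as inert text."""
    detail = f"DB error: {exc} | SQL: {sql}"
    return "<p>" + (html.escape(detail) if escape else detail) + "</p>"


def rows_html(db, sql):
    """Run the query and render the titles as an escaped HTML list."""
    items = "".join(f"<li>{html.escape(t)}</li>" for (t,) in db.execute(sql))
    return "<ul>" + items + "</ul>"


def page_vulnerable(db, sort):
    """Flawed pattern: request value concatenated after ORDER BY, raw error."""
    sql = "SELECT title FROM items ORDER BY " + sort
    try:
        return rows_html(db, sql)
    except sqlite3.Error as exc:
        return error_html(exc, sql, escape=False)


def page_hardened(db, sort):
    """A column name after ORDER BY cannot be a bound parameter, so the value
    is checked against an allowlist; any error output is HTML-escaped."""
    column = sort if sort in SORTABLE else "id"
    sql = "SELECT title FROM items ORDER BY " + column
    try:
        return rows_html(db, sql)
    except sqlite3.Error as exc:
        return error_html(exc, sql, escape=True)
```

Either fix alone breaks the chain; applying both means a future injection point does not also become a scripting hole. In production the error detail belongs in a server-side log rather than on the page.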