Mambo Open Source Index.PHP SQL Injection Vulnerability
BID:9891
Info
Mambo Open Source Index.PHP SQL Injection Vulnerability
| Bugtraq ID: | 9891 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 16 2004 12:00AM |
| Updated: | Mar 16 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to JeiAr <[email protected]>. |
| Vulnerable: |
Mambo Mambo Open Source 4.5 (1.0.3beta) Mambo Mambo Open Source 4.5 (1.0.3) Mambo Mambo Open Source 4.5 (1.0.2) Mambo Mambo Open Source 4.5 (1.0.1) Mambo Mambo Open Source 4.5 (1.0.0) |
| Not Vulnerable: | |
Discussion
Mambo Open Source Index.PHP SQL Injection Vulnerability
It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input.
As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input.
As a result of this a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.
Exploit / POC
Mambo Open Source Index.PHP SQL Injection Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/index.php?option=content&task=view&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category§ionid=[VID]&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category§ionid=[VID]&id=[SQL]&Itemid=[VID]
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/index.php?option=content&task=view&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category§ionid=[VID]&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category§ionid=[VID]&id=[SQL]&Itemid=[VID]
Solution / Fix
Mambo Open Source Index.PHP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Mambo Open Source Index.PHP SQL Injection Vulnerability
References:
References:
- Mambo Open Source Homepage (Mambo)
- Mambo Open Source Multiple Vulnerabilities (JeiAr