Mambo / Joomla SQL Injection Vulnerability

Mambo / Joomla SQL Injection Vulnerability

Web Services News

How To News

Now, salsa lessons from soccer star Nobby Solano

TV show 'Dallas' set to make a comeback

Dallas To Return To Tv

Former Puerto Rico baseball star relishes work, still going strong at 104 years old

Top Colombian salsa band eyes Bollywood

Colombian Salsa music troupe to perform in Delhi

Shakira Video Songs: Celebrating The Spirit

Supreme Court Justice Sonia Sotomayor returns to old Bronx elementary school

Latin Star Aguabella Dies

Latin jazz percussionist Aguabella, who played with Sinatra and Paul Simon, dies in LA at 84

RELATED NEWS

By Angsuman Chakraborty, Gaea News Network
Monday, June 19, 2006

rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks.

Input passed to the “Name” field when submitting a web link isn’t properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability has been confirmed in Mambo version 4.5.3h and has also been reported in version 4.6rc1. Other versions may also be affected.

Exploit:
https://retrogod.altervista.org/mambo_46rc1_sql.html

Solution:
Edit the source code to santize the name field data.

via Secunia

Filed under: CMS Software, Computer Security, Headline News, How To, PHP, Web, Web Services

Discuss Bellow

YOUR VIEW POINT

NAME :	(REQUIRED)
MAIL :	(REQUIRED) will not be displayed
WEBSITE :	(OPTIONAL)

YOUR COMMENT :
	Submit Notify me of followup comments via e-mail

LONDON - Reports are abuzz that footballer Nobby Solano is using his nifty footwork to give dancing ...

LONDON - Admirers of 'Dallas' would be delighted to know that the television series is making...

Beloved soap DALLAS is to be updated for the small screen after efforts to turn the project into...

Ex-Puerto Rico baseball star still working at 104PONCE, Puerto Rico ? Emilio Navarro swivels his hip...

NEW DELHI - The Colombian salsa melody, an energetic version of traditional Cuban, Puerto Rican, Car...

NEW DELHI - Salsa, the scintillating Latino dance music from Colombia, will set the capital rocking ...

JOHANNESBURG, SOUTH AFRICA (Gaeatimes.com)- Shakira's official FIFA World Cup song which became ...

Sonia Sotomayor returns to her old Bronx school NEW YORK — U.S. Supreme Court Justice Soni...

Latin percussionist FRANCISCO AGUABELLA, who worked with FRANK SINATRA and PEGGY LEE, has died. He w...

Latin percussionist Francisco Aguabella dies at 84LOS ANGELES ? Francisco Aguabella, the Cuban-born ...

Older News