Google Search: inurl:com_remository
renegade334 rates this entry 8 out of 10.
Submitted: 2004-09-29 00:00:00
Added by: renegade334
It is reported that the ReMOSitory module for Mambo is prone to an SQL injection vulnerability. This issue is due to a failure of the module to properly validate user supplied URI input. Because of this, a malicious user may influence database queries in order to view or modify sensitive information, potentially compromising the software or the database. It may be possible for an attacker to disclose the administrator password hash by exploiting this issue.Full report: http://www.securityfocus.com/bid/11219Klouw suggests: inurl:index.php?option=com_remository&Itemid= Renegade added : “.. to get an administrator login, change the url to http://www.example.com/administrator .. it will pop up an login box…
2004-10-03 05:21:49 (mmargog): not working
or I dont now haw i do it