https://www.exploit-db.com/exploits/24614
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200409-050

MamboOpenSource是一套基于PHP和MySql的开源网站内容管理系统（CMS）。该系统支持搜索引擎优化、模板/主题下载和流量统计等。MamboServer存在输入验证错误，远程攻击者可以利用这个漏洞以WEB进程权限执行任意命令或进行跨站脚本攻击。JoseAntonioCoret(JoxeanKoret)报告在Cache_library中存在一个文件包含错误，允许远程攻击者指定远程的恶意文件作为’mosConfig_absolute_path’参数值，导致目标服务器包含此恶意文件并执行。另外’index.php’脚本没有正确对Itemid、mosmsg和limit参数进行检查，构建恶意的URL链接，诱使用户访问，可导致敏感信息泄露，如用户用于验证的COOKIE信息。’Function.php’存在输入验证漏洞，远程攻击者可能利用此漏洞在主机上执行任意命令。

source: http://www.securityfocus.com/bid/11220/info

Mambo open source is reportedly affected by multiple input validation vulnerabilities. These issues are due to a failure of the application to properly validate user-supplied URI parameters.

An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer, to carry out cross-site scripting attacks, and to make SLQ injection attacks against the vulnerable application.

http://www.example.com/index.php?option=com_content&task=view&id=15&Itemid=2&limit=1"><script>alert(document.cookie)</script>&limitstart=1

来源:BID
名称:11220
链接:http://www.securityfocus.com/bid/11220
来源:OSVDB
名称:10179
链接:http://www.osvdb.org/10179
来源:mamboforge.net
链接:http://mamboforge.net/frs/shownotes.php?release_id=1672
来源:XF
名称:mambo-multiple-xss(20616)
链接:http://xforce.iss.net/xforce/xfdb/20616
来源:BUGTRAQ
名称:20040918VulnerabilitiesinTUTOS
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109571849713158&w;=2