This writeup describes an SQL injection vulnerability in Mambo CMS <= 4.5.4, allowing authentication bypass via manipulated cookie values. The exploit leverages improper sanitization of the password field when passed via cookies, enabling an attacker to log in as any user, including admin, and potentially execute arbitrary PHP code.
Classification
Writeup 90%
Target:
Mambo CMS <= 4.5.4
No auth needed
Prerequisites:
Access to the Mambo login page · Ability to send crafted cookies