Hello people,

I work on new web site based on latest Joomla version and after the first draft with SEBLOD I cheked the security and discover SQL injection vulnerabilities.

I would to know if someone is interested by this topic (can be useful to start a discussion ^^) and have already worked on that to provide advise.

Thanks in advance and have fun :)

FYI, I use iKare tool for security audit and it provides the following output as example:

<pre>

Some SQL injection vulnerabilities have been detected on the web application. That may allow an attacker to read, write and/or delete data stored in the database.

References: URL: https://www.owasp.org/index.php/SQL_Injection OWASP: OWASP-DV-005

The following SQL injection vulnerabilities were detected on the resource at this location: https://xxx.html

Request URL: https://xxx.html Request Method: POST Vulnerability Title: SQL Injection: Union based detection Vulnerability Type: Union based detection Vulnerable Param: task Request Payload: ' UNION SELECT "jTKDMxDUNg" ; --

</pre>