SQL injection
One of the most common Joomla! hacks is via a SQL injection, where a hacker is able to execute their own SQL commands on your website, which pretty much allows them to do whatever they like. Usually a hacker exploiting a SQL injection vulnerability will give themselves super admin access to your site, then depending on their motives, they may deface or break your site, or perhaps insert their own malicious code to infect your website visitors with malware.
You can avoid SQL injections by never trusting your users and always sanitizing any input. If you are expecting an integer, then cast the input as an int to be 100 percent sure.
The information I'm about to share with you should be used for good and not evil. Black hat hackers should be warned that each time you use this for evil, a cute kitten dies, and you become significantly less attractive to the opposite sex. Not to mention that in most jurisdictions it's a criminal offense!
Let's assume that you wanted to find the username...
