This exploit abuses a feature of Symfony2's web profiler allowing anyone to inject and explain SQL queries.
$ python sf2-profiler-sqli.py --url http://localhost/ --table example_user --columns id,username,password
The above example extracts the id,username and password of each example_user table record and display their contents.