Joomla QuickFAQ Blind SQL Injection

Type packetstorm
Reporter RoAd_KiLlEr
Modified 2010-07-09T00:00:00


Joomla Component (com_quickfaq) BSQL-i Vulnerability  
[+]Title Joomla Component (com_quickfaq) BSQL-i Vulnerability  
[+]Author **RoAd_KiLlEr**  
[+]Contact RoAd_KiLlEr[at]Khg-Crew[dot]Ws  
[+]Tested on Win Xp Sp 2/3  
[~] Found by **RoAd_KiLlEr**  
[~] Team: Albanian Hacking Crew  
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws  
[~] Home:  
[~] Vendor:  
[~] Download Application:  
[~] Version: 1.0.3  
==========ExPl0iT3d by **RoAd_KiLlEr**==========  
QuickFAQ is an easy to use but powerful FAQ management system.  
Feature List:  
* Unlimited Subcategories  
* Assign FAQ Items to multiple Categories  
* Create Tags/Labels to flag FAQ Items  
* Up/down voting of FAQ Items  
* Favour FAQ Items to maintain a personal bookmark list  
* Document uploader/manager  
* PDF creation of FAQ Items  
* RTL support  
* RSS/ATOM Feeds  
* Detailed statistics  
* JComments and JomComments integration  
[+] Dork: inurl:"com_quickfaq"  
[+]. SQL-i Vulnerability  
[Exploit]:[Valid Cid]&Itemid= [BSQL-Injection]
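
For defenders, a log check for the condition the advisory describes (a non-integer `Itemid` on a `com_quickfaq` request), as an added example that is not part of the original advisory. It assumes Combined Log Format access logs, that the component is requested with `option=com_quickfaq`, and that `cid` may legitimately carry a Joomla `id:alias` slug; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Itemid is the parameter the advisory names; Joomla expects a plain integer.
# cid may also be an "id:alias" slug (assumption about legitimate traffic).
EXPECTED = {
    "Itemid": re.compile(r"[0-9]+"),
    "cid": re.compile(r"[0-9]+(?::[\w-]+)?"),
}

def suspicious_params(target):
    """Names of com_quickfaq id parameters whose decoded value is not an id."""
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if ("option", "com_quickfaq") not in params:
        return []
    return [name for name, value in params
            if name in EXPECTED and not EXPECTED[name].fullmatch(value)]

def scan(lines):
    """Return (client, request target, offending parameters) per flagged line."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_params(match.group(1))
        if bad:
            findings.append((line.split()[0], match.group(1), bad))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jul/2010:10:00:01 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=2&Itemid=5 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/Jul/2010:10:00:05 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=2&Itemid=5%20AND%201%3D1 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [09/Jul/2010:10:00:06 +0000] "GET /index.php?option=com_content&view=article&id=3&Itemid=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [09/Jul/2010:10:00:09 +0000] "GET /index.php?option=com_quickfaq&view=category&cid=2:general&Itemid=5 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, target, bad in scan(SAMPLE_LOG):
        print(f"{client} non-integer {','.join(bad)}: {target}")
```

The same integer-only rule can be enforced in front of the application (for example in a WAF or rewrite rule) on sites still running version 1.0.3.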