Joomla JSupport 1.5.6 SQL Injection

`# Exploit Title: Joomla Component com_jsupport SQL Injection Vulnerability  
# Date: 12.11.2010  
# Author: Valentin  
# Category: webapps/0day  
# Version: 1.5.6  
  
# Tested on:  
# CVE :   
# Code :   
  
  
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]  
>> General Information   
Advisory/Exploit Title = Joomla Component com_jsupport SQL Injection Vulnerability  
Author = Valentin Hoebel  
Contact = [email protected]  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]  
>> Product information  
Name = JSupport  
Vendor = Extension Depot  
Vendor Website = http://www.extensiondepot.com/extensions/jsupport.html  
Affected Version(s) = 1.5.6  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]  
>> SQL Injection  
This vulnerability can be found by viewing the component in the Joomla administrator  
backend.  
  
Examples:  
administrator/index.php?option=com_jsupport&task=listTickets&alpha=[SQL Injection]  
administrator/index.php?option=com_jsupport&task=listFaqs&alpha=[SQL Injection]  
  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]  
>> Additional Information  
Advisory/Exploit Published = 12.11.2010  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]  
>> Misc  
Greetz = cr4wl3r, JosS, packetstormsecurity.org, exploit-db.com  
  
  
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]  
`