Author: Jose Carlos Nieto.
Date: Jan 08, 2008
Severity: Mild
There exists a Cross Site Scripting security hole in Joomla 1.0.13.
Background
==========
*Joomla!* is a free, open source content management system for publishing content
on the world wide web and intranets.
Joomla! is licensed under the GPL, and is the result of a fork of Mambo.
Severity
========
Mild. It requires an administrator to be logged in and to be tricked into visiting a specially
crafted webpage.
Summary
=======
Joomla! has no CSRF protection. A malicious user can trick an administrator into viewing
a specially crafted webpage containing an exploit. This exploit can execute (without permission)
any command the administrator would normally execute, such as publishing content or even adding a new
administrator.
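
The control whose absence is described above is a per-session anti-CSRF token checked on every state-changing administrator request. The PHP below is an added example, not Joomla!'s code or the advisory author's; the function names, the `csrf_token` field name and the `$session` array standing in for `$_SESSION` are assumptions made for illustration.

```php
<?php
// Added example: synchronizer-token CSRF check for a state-changing admin action.
// All names are hypothetical; $session stands in for $_SESSION so this runs from the CLI.
function csrf_issue_token(array &$session): string
{
    // One unpredictable token per session, created on first use.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_request_allowed(array $session, string $method, array $post): bool
{
    // State changes are accepted over POST only, so a plain cross-site GET fails.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || $supplied === '') {
        return false;
    }
    // Constant-time comparison against the token bound to this session.
    return hash_equals($expected, $supplied);
}

function handle_add_admin(array $session, string $method, array $post): string
{
    if (empty($session['is_admin'])) {
        return '403 not an administrator';
    }
    if (!csrf_request_allowed($session, $method, $post)) {
        return '403 missing or invalid CSRF token';
    }
    return '200 administrator "' . $post['username'] . '" created';
}

// Constructed requests: the browser attaches the admin session cookie in every case.
$session = ['is_admin' => true];
$token   = csrf_issue_token($session); // value rendered into the genuine admin form
$cases = [
    'legitimate form post'           => ['POST', ['username' => 'alice', 'csrf_token' => $token]],
    'cross-site GET'                 => ['GET',  ['username' => 'mallory']],
    'cross-site POST, no token'      => ['POST', ['username' => 'mallory']],
    'cross-site POST, guessed token' => ['POST', ['username' => 'mallory', 'csrf_token' => str_repeat('0', 64)]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-32s %s\n", $label, handle_add_admin($session, $method, $post));
}
```

Only the first request succeeds: the other three carry a valid administrator session but cannot supply the token, which is the distinction a session cookie alone does not provide.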
Solution
========
This problem has no solution at this time.
Disclosure timeline
===================
Oct 18 2007 - Vulnerability found.
Oct 18 2007 - Vulnerability reported to vendor.
Oct 18 2007 - Answer from vendor.
Jan 08 2008 - Advisory released.
Proof of Concept
================
If a logged-in administrator visits this page, a new administrator will be added to the victim's
Joomla-powered website.
---- exploit code ----
src="http://www.more4kids.info/uploads/Image/Carebears-Cover.jpg">
---- exploit code ----