Full Disclosure mailing list archives
Re: Cross-Site Scripting vulnerability in Joostina
From: "MustLive" <mustlive () websecurity com ua>
Date: Fri, 14 Jan 2011 19:18:00 +0200
Hello list!

Concerning the Cross-Site Scripting vulnerability in Joostina which I wrote to you about last week (http://lists.grok.org.uk/pipermail/full-disclosure/2011-January/078402.html).

On the 7th of January, after I informed the developers, they released a patch for this hole. The developers added the fix to the repository (at code.google.com) and posted the code of the patch in comments at my site and at their official forum (joomlaforum.ru). And what is more, that patch can be applied to both Joostina and Joomla 1.0.x (which the developers of Joomla have not supported since 2009).

But this fix does not solve all security issues in Joostina, and I found another attack vector for XSS. The attack goes via the same parameter ordering in the local search of the engine (com_search), but taking into account that it requires a separate fix in another php-file of the engine, it can be considered a separate vulnerability.

Recently, on the 11th of January, I checked the fix on multiple sites which had installed the first fix, and found a new XSS hole. And the developers confirmed that the hole existed in Joostina 1.3.x and in previous branches (in default configuration). Yesterday they officially released a fix, which was added to the repository, in comments at my site and at their official forum. So users of Joostina need to apply both patches to completely fix XSS in com_search.

PoC for new XSS:

http://site/index.php?option=com_search&searchword=xss&ordering=%22%3E%3C%73cript%3Ealert(document.cookie)%3Ealert(document.cookie)%3C/%73cript%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
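A detection sketch for the request pattern described in the message above, added here as an example and not part of the original post or of the Joostina patches: it scans access-log lines for com_search requests whose fully decoded `ordering` value falls outside an allowlist. The allowlist contents, the function names and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: the sort keys a stock com_search form offers; adjust to your install.
ALLOWED_ORDERING = {"newest", "oldest", "popular", "alpha", "category"}

def decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is seen in final form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_ordering(request_target):
    """Return the decoded `ordering` value if this is a com_search request
    whose ordering is outside the allowlist, else None."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    if "com_search" not in query.get("option", []):
        return None
    for raw in query.get("ordering", []):   # parse_qs has already decoded once
        value = decode_fully(raw)
        if value not in ALLOWED_ORDERING:
            return value
    return None

def scan(log_lines):
    """Return (client, decoded_value) pairs for combined-format log lines."""
    hits = []
    for line in log_lines:
        try:
            client = line.split(" ", 1)[0]
            request = line.split('"')[1]      # 'GET /path?query HTTP/1.1'
            target = request.split(" ")[1]
        except IndexError:
            continue                          # malformed line, skip it
        value = suspicious_ordering(target)
        if value is not None:
            hits.append((client, value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Jan/2011:19:20:01 +0200] "GET /index.php?option=com_search&searchword=cms&ordering=newest HTTP/1.1" 200 5120',
    '198.51.100.7 - - [14/Jan/2011:19:21:44 +0200] "GET /index.php?option=com_search&searchword=xss&ordering=%22%3E%3C%73cript%3E HTTP/1.1" 200 5342',
    '203.0.113.5 - - [14/Jan/2011:19:22:10 +0200] "GET /index.php?option=com_content&ordering=%253Cb%253E HTTP/1.1" 200 901',
]
```

Matching on the decoded value rather than on a literal string such as `<script` is what catches the percent-encoded letters used in the PoC; the same allowlist check applied server-side before the value is echoed into the page is the corresponding input-validation control.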
Current thread:
- Cross-Site Scripting vulnerability in Joostina MustLive (Jan 08)
- <Possible follow-ups>
- Re: Cross-Site Scripting vulnerability in Joostina MustLive (Jan 14)