BugTraq
JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities Oct 09 2010 06:30PM
Salvatore Fresta aka Drosophila (drosophilaxxx gmail com)

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities

Name JS Calendar
Vendor http://www.joomlaseller.com
Versions Affected 1.5.1

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-10-09

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION
________________________

JoomlaSeller - Calendar Event is a powerful Joomla!
component which allows you to easily create events and
publish them on a desired date. It is a native build
component for Joomla! 1.5 version and can easily be
installed using the Joomla! back-end Install
functionality.

II. DESCRIPTION
_______________

Some parameters are not properly sanitised before being
used in a SQL query or returned to the user.

III. ANALYSIS
_____________

Summary:

A) SQL Injection
B) Multiple Reflected XSS

A) SQL Injection
________________

Input passed to "ev_id" parameter is not properly
sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting
arbitrary SQL code.

B) Multiple XSS
_______________

Input passed to the "month" and "year" parameters are
not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML
and script code in a users browser session in context
of an affected site.

IV. SAMPLE CODE
_______________

A) SQL Injection

http://site/path/index.php?option=com_jscalendar&view=jscalendar&task=de
tails&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users

B) Multiple XSS

http://site/path/index.php?option=com_jscalendar&view=jscalendar&month=<
script>alert('XSS');</script>

http://site/path/index.php?option=com_jscalendar&view=jscalendar&year=<s
cript>alert('XSS');</script>

V. FIX
______

No fix.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus