| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 14 Jun 2007 13:51:56 -0400 From: <edi.strosar@...nostne-novice.com> To: full-disclosure@...ts.grok.org.uk Subject: Letterman subscriber module XSS vulnerability ========================================================================= TeamIntell Security Advisory TISA2007-01 ------------------------------------------------------------------------- Letterman Subscriber Module "Itemid" Script Insertion Vulnerability ========================================================================= Release Date: 14.06.2007 Severity: Less critical Impact: Cross Site Scripting (XSS) Status: Official patch available Software: Letterman Subscriber Module (mod_letterman) Developer: http://www.thejfactory.com/ Disclosed: Edi Strosar (TeamIntell) ------------- Description: ------------- TeamIntell has reported a vulnerability in Letterman Subscriber Module (mod_letterman) for Joomla! CMS which can be exploited by malicious people to conduct script insertion attacks. Input passed to the "Itemid" parameter in mod_lettermansubscribe.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 1.2.4-RC1. Other versions may also be affected. ------------------ Proof of Concept: ------------------ http://localhost/index.php?option=com_letterman&task=view&id=1&Itemid=1"><script>alert(String.fromCharCode(88,83,83))</script> ---------- Solution: ---------- Developer has released version 1.2.5 which fixes this issue. --------- Contact: --------- Maldin d.o.o. Trzaska cesta 2 1000 Ljubljana - SI tel: +386 (0)590 70 170 fax: +386 (0)590 70 177 gsm: +386 (0)31 816 400 web: www.teamintell.com e-mail: info@...mintell.com ------------ Disclaimer: ------------ The content of this report is purely informational and meant for educational purposes only. Maldin d.o.o. shall in no event be liable for any damage whatsoever, direct or implied, arising from use or spread of this information. Any use of information in this advisory is entirely at user's own risk. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists