lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <003701cbb40f$6fd6fa60$c103fea9@ml>
Date: Fri, 14 Jan 2011 19:18:00 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <bugtraq@...urityfocus.com>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Re: Cross-Site Scripting vulnerability in Joostina

Hello list!

Concerning Cross-Site Scripting vulnerability in Joostina which I wrote you
about last week
(http://lists.grok.org.uk/pipermail/full-disclosure/2011-January/078402.html).

At 07th of January, after my informing of developers, they released a patch
for this hole. Developers added fix to repository (at code.google.com) and
posted code of patch in comments at my site and at their official forum
(joomlaforum.ru). And what is more that patch can be applied for both
Joostina and Joomla 1.0.x (which developers of Joomla is not supporting any
more from 2009).

But this fix not solves all security issues in Joostina and I found another
attack vector for XSS. The attack is going via the same parameter ordering
in local search of engine (com_search), but taking into account that it
requires separate fix in other php-file of engine, then it can be considered 
as separate vulnerability.

Recently, at 11th of January, I checked fix on multiple sites which
installed first fix, and found new XSS hole. And developers confirmed that
the hole existed in Joostina 1.3.x and in previous branches (in default
configuration). Yesterday they officially released fix, which was added to
repository, in comments at my site and at their official forum. So users of
Joostina need to apply both patches to completely fix XSS in com_search.

PoC for new XSS:

http://site/index.php?option=com_search&searchword=xss&ordering=%22%3E%3C%73cript%3Ealert(document.cookie)%3Ealert(document.cookie)%3C/%73cript%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ