lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <75D4F42B119E7A48AF409AC91F54DF0A7A24B769@ORD2MBX01E.mex05.mlsrvr.com>
Date: Wed, 10 Jul 2013 18:51:51 +0000
From: Jose Carlos de Arriba <jcarriba@...egroundsecurity.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>,
 "submit@...sec.com" <submit@...sec.com>, "bugtraq@...urityfocus.com"
 <bugtraq@...urityfocus.com>
Subject: [Foreground Security 2013-001]: Joomla
 AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability

Joomla AICONTACTSAFE 2.0.19 Extension Cross-Site Scripting (XSS) vulnerability
============================================================
FOREGROUND SECURITY, SECURITY ADVISORY 2013-001
- Original release date: July 10, 2013
- Discovered by: Adam Willard (Software Security Analyst at Foreground Security)
- Verified by: Jose Carlos de Arriba (Pentest Team Manager at Foreground Security)
- Contact: (awillard (at) foregroundsecurity (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

I. VULNERABILITY
-------------------------
Algis Info aiContactSafe Extension 2.0.19 (latest) Cross-Site Scripting (XSS) vulnerability - (prior versions have not been checked but could be vulnerable too).

II. BACKGROUND
-------------------------
Algis Info aiContactSafe is a native Joomla component developed by Algis Info.
You can use it to place a complex contact form on your web page.
Here are some of the facilities that it can offer:
- custom fields
- captcha
- custom text related to the contact informations
- multilingual support ( through Joomfish )
- SEFthrough Artio JoomSEF or sh404SEF

III. DESCRIPTION
-------------------------
Algis Info aicontactsafe 2.0.19 (latest) Extension presents a Cross-Site Scripting (XSS) vulnerability in the "url" due to an insufficient input/output sanitization.
A malicious user could perform session hijacking or phishing attacks.

IV. PROOF OF CONCEPT
-------------------------
(This section has been removed per vendor request).

V. BUSINESS IMPACT
-------------------------
An attacker could perform session hijacking or phishing attacks.

VI. SYSTEMS AFFECTED
-------------------------
Joomla Extension, AlgisInfo com_aicontactsafe_2_0_19_stable Extension (prior versions have not been checked but could be vulnerable too).

VII. SOLUTION
-------------------------
Fixed on 2.0.21.stable version release.

VIII. REFERENCES
-------------------------
http://www.algisinfo.com/
http://www.foregroundsecurity.com/

IX. CREDITS
-------------------------
This vulnerability has been discovered by Adam Willard (awillard (at) foregroundsecurity (dot) com), verification and release coordination by Jose Carlos de Arriba (jcarriba (at) foregroundsecurity (dot) com). 

X. REVISION HISTORY
-------------------------
- July 10, 2013: Initial release.

XI. DISCLOSURE TIMELINE
-------------------------
April 2, 2013: Vulnerability discovered by Adam Willard.
April 3, 2013: Vulnerability verified by Jose Carlos de Arriba.
April 15: AlgisInfo aiContactSafe Author contacted by email.
April 15: Response from author and security advisory sent to him.
April 16: Vulnerability fixed on 2.0.21.stable version release
July  10: Security advisory released

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise.



Jose Carlos de Arriba, CISSP
Pentest Team Manager
Foreground Security
305-340-9964
jcarriba (at) foregroundsecurity . com
www.foregroundsecurity.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ