lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 7 Feb 2014 23:58:22 +0200
From: "MustLive" <>
To: <>, <>
Subject: New vulnerabilities in Google Maps plugin for

Hello list!

Last year I wrote about multiple vulnerabilities in Google Maps plugin. 
After my informing the developer fixed them, but this year I found new 

These are Denial of Service and Insufficient Anti-automation vulnerabilities 
in Google Maps plugin for Joomla.

Affected products:

Vulnerable are Google Maps plugin v3.2 for Joomla and previous versions. 
Except versions 2.19, 2.20 and 3.1 of the plugin where proxy functionality 
was removed.

I've informed the developer about these holes. Now he is working on a new 
version of the plugin. He hasn't released Google Maps v3.2 yet, only put it 
on his site. And after fixing all reported vulnerabilities, he will release 
it to the public.

Affected vendors:

Mike Reumer


Denial of Service (WASC-10):

It's possible to conduct attacks on target sites, where domain of web site 
with Google Maps plugin is used as subdomain.

For old versions of the plugin "plugin_googlemap2_proxy.php" is used and for 
new versions of the plugin "plugin_googlemap3_kmlprxy.php" is used. E.g. 
request for attack on site via script at web site "site":



It's needed by bypass security filter (domain restriction) if it's turned 
on. Thus it's possible to attack web sites, which allow arbitrary 

Besides conducting DoS attack manually, it's also possible to conduct 
automated DoS and DDoS attacks with using of DAVOSET 

Insufficient Anti-automation (WASC-21):

Last year in Google Maps plugin v3.2 the developer made protection from 
automated attacks, but it's not effective. And use of above-mentioned domain 
check can be bypassed.

In this functionality there is no reliable protection from automated 
requests. To bypass protection for accessing this script (appeared in 
version 3.2) it's needed to set referer, cookie and token. The referer is 
current site, the cookie is set by the site (Joomla) itself and the token 
can be found at page which uses plugin of the site (and it's setting in 
URL). This data can be taken from the site automatically.

Referer: http://site
Cookie: dc9023a0ff4f8a00f9b2f4e7600c17f4=69c59f0263b70f9343e0a75a93bd44a0

I have disclosed it at my site (

Best wishes & regards,
Administrator of Websecurity web site 

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -

Powered by blists - more mailing lists