Joomla 3.1.5 Cross Site Scripting

Joomla 3.1.5 Cross Site Scripting: Posted Aug 6, 2013; Authored by Emilio Pinna; Joomla versions 3.1.5 and 3.1.4 suffer from a reflective cross site scripting vulnerability in example.php.; tags | exploit, php, xss; SHA-256 | 505f805cbabe1c1344542d455a87ded89cd66960ecb7055c0c0e53332da1021d; Download | Favorite | View

Joomla 3.1.5 Cross Site Scripting

============================================================
- Original release date: August 05, 2013
- Discovered by: Emilio Pinna (Application Security Analyst at Abinsula)
- Contact: (emilio (dot) pinn (at) gmail (dot) com)
- Severity: 4.3/10 (Base CVSS Score)
============================================================

VULNERABILITY
-------------------------
Joomla core package <= 3.1.5 includes a PHP script that suffers from
reflected XSS vulnerability that allows to inject HTML and malicious
scripts that can access any cookies, session tokens, or other
sensitive information retained by your browser and used with that
site.

Joomla is one of the most installed CMS with dozens of millions of
installations.

DESCRIPTION
-------------------------
Affected file libraries/idna_convert/example.php has different injection points:

- Unsanitized lang parameter in line 24
- Unsanitized file name printing on lines 112 and 119

PROOF OF CONCEPT
-------------------------

https://localhost/joomla/libraries/idna_convert/example.php?lang="><script>alert(document.cookie);</script><!--

BUSINESS IMPACT
-------------------------
As usual, attackers can exploit these weaknesses to execute arbitrary
HTML and script code in a user's browser session that visits the
malicious crafted url.

SYSTEMS AFFECTED
-------------------------
Joomla-CMS <= 3.1.5

SOLUTION
-------------------------
Fixed removing the vulnerable example file on git with commit
c00c033d33d901e1ca6be9061a44e55acd041b1f

REFERENCES
-------------------------
https://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability/
https://github.com/joomla/joomla-cms/issues/1658

CREDITS
-------------------------
Emilio Pinna (emilio (dot) pinn (at) gmail (dot) com)

DISCLOSURE TIMELINE
-------------------------
August 4, 2013: Opened a ticket describing the bug by Adam Willard.
August 5, 2013: Fixed by Michael Babker.
August 5, 2013: Vulnerability disclosed by Emilio Pinna.

LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is"
with no warranties or guarantees of fitness of use or otherwise.

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Joomla 3.1.5 Cross Site Scripting

Joomla 3.1.5 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla 3.1.5 Cross Site Scripting

Share This

Joomla 3.1.5 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems