About two months ago, I found several vulnerabilities in Joomla! v<= 1.5.19 and these are my advisories. This one was published on Joomla! Security Center: here
- Project: Joomla!
- Severity: Medium
- Versions: 1.5.19 and all previous 1.5 releases
- Exploit type: XSS Injection
- Reported Date: 2010-June-8
The back-end was vulnerable to XSS/HTML code injection. The GET variable "menutype", used in "com_menus" (a core component), allowed the injection.
Proof-of-Concept:
http://[HOST]/[JOOMLA-PATH]/administrator/index.php?option=com_menus&task=view&menutype=mainmenu%22%20onmouseover=%22alert%28%27Discovered%20by%20Jose%20A.%20Vazquez%27%29;
Some screenshots:
Be safe ;)
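The bug class behind the proof-of-concept, shown as an added example (not Joomla! source code and not part of the original advisory): a request value echoed into a quoted HTML attribute, next to two hardened variants. The `<input>` markup, the function names and the allow-list pattern are assumptions; only the payload, decoded from the PoC URL above, comes from the page.

```php
<?php
// Added illustration; markup and function names are hypothetical.

// Vulnerable pattern: the request value is concatenated into an attribute.
function render_unsafe(string $menutype): string
{
    return '<input type="hidden" name="menutype" value="' . $menutype . '" />';
}

// Fix 1: encode for the HTML attribute context at output time.
function render_encoded(string $menutype): string
{
    $value = htmlspecialchars($menutype, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="menutype" value="' . $value . '" />';
}

// Fix 2: validate first, then encode anyway (defence in depth).
// Assumption: menu type names only need letters, digits, '-' and '_'.
function render_validated(string $menutype): string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,75}$/', $menutype)) {
        $menutype = 'mainmenu'; // fall back to a known-good default
    }
    return render_encoded($menutype);
}

// Parse the markup the way a browser would and list on* attributes
// that ended up on the <input> element.
function event_attributes(string $html): array
{
    libxml_use_internal_errors(true); // silence parser warnings on fragments
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $found = [];
    foreach ($doc->getElementsByTagName('input') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $attr->name;
            }
        }
    }
    return $found;
}

// The menutype value from the PoC URL, URL-decoded.
$payload = rawurldecode('mainmenu%22%20onmouseover=%22alert%28%27Discovered%20by%20Jose%20A.%20Vazquez%27%29;');

foreach (['render_unsafe', 'render_encoded', 'render_validated'] as $fn) {
    $html = $fn($payload);
    printf("%-17s handlers=[%s]\n  %s\n", $fn, implode(',', event_attributes($html)), $html);
}
```

Only `render_unsafe` lets the double quote close the `value` attribute, so it is the only variant whose parsed element carries an `onmouseover` handler.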