viernes, 6 de agosto de 2010

:::SPAS3C-WV-005:::Vulnerability in Joomla! Core (Back-end) <= 1.5.19



About two months ago, i found several vulnerabilities in Joomla! v<= 1.5.19 and these are my advisories. This one was published on Joomla! Security Center: here

  • Project: Joomla!
  • Severity: Medium
  • Versions: 1.5.19 and all previous 1.5 releases
  • Exploit type: XSS Injection
  • Reported Date: 2010-June-8

Back-end was vulnerable to XSS/HTML Code Injection. Get var "menutype" used in "com_menus" (core component) allowed the injection.

Proof-of-Concept:

http://[HOST]/[JOOMLA-PATH]/administrator/index.php?option=com_menus&task=view&menutype=mainmenu%22%20onmouseover=%22alert%28%27Discovered%20by%20Jose%20A.%20Vazquez%27%29;

Some screenshots:


Fig.1: XSS triggered in Joomla! Back-end



Fig.2: Code injected.

Be safe ;)