ID EDB-ID:10738
Type exploitdb
Reporter Pyske
Modified 2009-12-27T00:00:00
Description
Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities. CVE-2009-4575. Webapps exploit for php platform
< ------------------- header data start ------------------- >
###########################################################################
Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities
###########################################################################
# Author : Pyske
# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior
# Name : com_qpersonel
# Bug Type : Cross Site Scripting
# Infection : Yรถnetici ve User cookiekleri calinabilir.
# Bug Fix Advice : Zararlı karakterler filtrelenmelidir.
# Demo Vuln. : http://server/j15x/index.php?option=com_qpersonel&task=sirala&personel_sira=[XSS CODE]
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
">
< -- bug code end of -- >
{"published": "2009-12-27T00:00:00", "id": "EDB-ID:10738", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "history": [], "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "hash": "677bd03832c327da16631edf3c5fe872adbde0dac66746f0217e132463b0e6f3", "description": "Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities. CVE-2009-4575. Webapps exploit for php platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/10738/", "lastseen": "2016-02-01T13:05:42", "edition": 1, "title": "Joomla Component com_qpersonel Cross-Site Scripting Vulnerabilities", "osvdbidlist": ["61354"], "modified": "2009-12-27T00:00:00", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-4575"], "sourceHref": "https://www.exploit-db.com/download/10738/", "references": [], "reporter": "Pyske", "sourceData": "< ------------------- header data start ------------------- >\r\n\r\n###########################################################################\r\nJoomla Component com_qpersonel Cross Site Scripting Vulnerabilities\r\n###########################################################################\r\n\r\n# Author : Pyske\r\n\r\n\r\n# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior\r\n\r\n\r\n# Name : com_qpersonel\r\n\r\n\r\n# Bug Type : Cross Site Scripting\r\n\r\n\r\n# Infection : Y\u0e23\u0e16netici ve User cookiekleri calinabilir.\r\n\r\n\r\n# Bug Fix Advice : Zararlı karakterler filtrelenmelidir.\r\n\r\n\r\n# Demo Vuln. : http://server/j15x/index.php?option=com_qpersonel&task=sirala&personel_sira=[XSS CODE]\r\n\r\n\r\n\r\n\r\n#############################################################\r\n\r\n< ------------------- header data end of ------------------- >\r\n\r\n\r\n< -- bug code start -- >\r\n\r\n\r\n\">\r\n\r\n\r\n< -- bug code end of -- >", "objectVersion": "1.0"}
{"cve": [{"lastseen": "2017-08-17T11:14:35", "references": ["http://www.exploit-db.com/exploits/10738", "https://exchange.xforce.ibmcloud.com/vulnerabilities/55128", "http://www.securityfocus.com/bid/37503"], "description": "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.", "edition": 2, "reporter": "NVD", "published": "2010-01-06T17:00:07", "title": "CVE-2009-4575", "type": "cve", "enchantments": {"score": {"modified": "2017-08-17T11:14:35", "vector": "NONE", "value": 4.3}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-4575"], "scanner": [], "modified": "2017-08-16T21:31:39", "cpe": ["cpe:/a:qproje:com_qpersonel:1.2:rc2"], "id": "CVE-2009-4575", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4575", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}
