ID EDB-ID:10738 Type exploitdb Reporter Pyske Modified 2009-12-27T00:00:00
Description
Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities. CVE-2009-4575. Webapps exploit for php platform
< ------------------- header data start ------------------- >
###########################################################################
Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities
###########################################################################
# Author : Pyske
# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior
# Name : com_qpersonel
# Bug Type : Cross Site Scripting
# Infection : Yönetici ve User cookiekleri calinabilir. [EN: administrator and user cookies can be stolen]
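# Bug Fix Advice : Zararlı karakterler filtrelenmelidir. [EN: harmful characters should be filtered. Character filtering alone is fragile; the durable fix is to validate personel_sira server-side against the expected values and HTML-encode it wherever it is written back into the page.]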
# Demo Vuln. : http://server/j15x/index.php?option=com_qpersonel&task=sirala&personel_sira=[XSS CODE]
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
">
< -- bug code end of -- >
{"bulletinFamily": "exploit", "id": "EDB-ID:10738", "cvelist": ["CVE-2009-4575"], "modified": "2009-12-27T00:00:00", "lastseen": "2016-02-01T13:05:42", "edition": 1, "sourceData": "< ------------------- header data start ------------------- >\r\n\r\n###########################################################################\r\nJoomla Component com_qpersonel Cross Site Scripting Vulnerabilities\r\n###########################################################################\r\n\r\n# Author : Pyske\r\n\r\n\r\n# Greetz : Fl0riX , M-K-A , F0RTS3V3N , 3KB3R ,BARCOD3 and ALL Cyber-Warrior\r\n\r\n\r\n# Name : com_qpersonel\r\n\r\n\r\n# Bug Type : Cross Site Scripting\r\n\r\n\r\n# Infection : Y\u0e23\u0e16netici ve User cookiekleri calinabilir.\r\n\r\n\r\n# Bug Fix Advice : Zararlı karakterler filtrelenmelidir.\r\n\r\n\r\n# Demo Vuln. : http://server/j15x/index.php?option=com_qpersonel&task=sirala&personel_sira=[XSS CODE]\r\n\r\n\r\n\r\n\r\n#############################################################\r\n\r\n< ------------------- header data end of ------------------- >\r\n\r\n\r\n< -- bug code start -- >\r\n\r\n\r\n\">\r\n\r\n\r\n< -- bug code end of -- >", "published": "2009-12-27T00:00:00", "href": "https://www.exploit-db.com/exploits/10738/", "osvdbidlist": ["61354"], "reporter": "Pyske", "hash": "677bd03832c327da16631edf3c5fe872adbde0dac66746f0217e132463b0e6f3", "title": "Joomla Component com_qpersonel Cross-Site Scripting Vulnerabilities", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Joomla Component com_qpersonel Cross Site Scripting Vulnerabilities. CVE-2009-4575. Webapps exploit for php platform", "references": [], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/10738/", "enchantments": {"vulnersScore": 3.3}}
{"result": {"cve": [{"id": "CVE-2009-4575", "type": "cve", "title": "CVE-2009-4575", "description": "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php.", "published": "2010-01-06T17:00:07", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4575", "cvelist": ["CVE-2009-4575"], "lastseen": "2017-08-17T11:14:35"}]}}