Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting

🗓️ 16 Feb 2018 00:00:00Reported by Alwin PeppelsType

Joomla! SIGE 3.2.3 XSS in print.ph

Reporter	Title	Published	Views	Family All 9
0day.today	Joomla Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 Component - Cross-Site Scripting	17 Feb 201800:00	–	zdt
CVE	CVE-2017-16356	20 Feb 201815:00	–	cve
Cvelist	CVE-2017-16356	20 Feb 201815:00	–	cvelist
EUVD	EUVD-2017-7550	7 Oct 202500:30	–	euvd
exploitpack	Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting	16 Feb 201800:00	–	exploitpack
Joomla! Vulnerable Extensions List	Kubik-Rubik Simple Image Gallery Extended (SIGE),3.2.3,XSS (Cross Site Scripting)	26 Feb 201800:00	–	joomla
NVD	CVE-2017-16356	20 Feb 201815:29	–	nvd
Packet Storm	Joomla Kubik-Rubik SIGE 3.2.3 Cross Site Scripting	16 Feb 201800:00	–	packetstorm
Prion	Cross site scripting	20 Feb 201815:29	–	prion

# Exploit Title: Joomla! Component SIGE version <= 3.2.3 Cross-site Scripting
# Date: 15-02-2018
# Software Link: https://downloads.kubik-rubik.de/joomla-extensions/plg_sige_v3.2.3.zip
# Exploit Author: Alwin Peppels
# Website: www.onvio.nl
# CVE: CVE-2017-16356
# Category: webapps

1. Description
Kubik-Rubik Simple Image Gallery Extended (SIGE) contains an XSS in the
'print.php' file.
Insufficient sanitization of the 'caption' URL parameter allows injection
of Javascript into the page.
In versions <= 3.2.0 the 'name' and 'img' parameters are vulnerable as well.
Google dork: inurl:plugin_sige/print.php

The version of the SIGE plugin can be determined with this file:
[JOOMLA]/plugins/content/sige/sige.xml

2. Proof of Concept


 [JOOMLA]/plugins/content/sige/plugin_sige/print.php?img=x&caption=<img%20src=x%20onerror=alert(%27XSS%27)>

3. Solution:

Update to version 3.3.0
https://downloads.kubik-rubik.de/joomla-extensions/plg_sige_v3.3.0.zip

16 Feb 2018 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 24.3

CVSS 36.1

EPSS0.00296