XSS and Full Path Disclosure in MijoSearch Joomla Extension

High-Tech Bridge Security Research Lab discovered 2 vulnerabilities in MijoSearch Joomla Extension, which can be exploited to gain access to potentially sensitive data and perform Cross-Site Scripting (XSS) attacks against users of vulnerable application.

1. Cross-site Scripting in MijoSearch: CVE-2013-6878
   The vulnerability exists due to insufficient sanitisation of user-supplied data appended to “/component/mijosearch/search” URL. A remote attacker can trick a logged-in user to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.
   The following exploitation example uses the JavaScript alert() function to display “ImmuniWeb” word:
   http://[host]/component/mijosearch/search?query=im%22%3E%3Cdiv%20onmouseover =alert%28%22ImmuniWeb%22%29%20style=%22width:100%;height:10000px;z-index:100 %22%3E%3C/div%3E&limit=15&order=relevance&orderdir=desc

2. Information Exposure Through Externally-generated Error Message in MijoSearch: CVE-2013-6879
   The vulnerability exists due to improper implementation of error handling mechanisms in “/component/mijosearch/search” URL. A remote attacker can send a specially crafted HTTP GET request to the vulnerable web application and gain knowledge of full installation path of the application.
   The following exploitation example displays a warning message and installation path (if PHP “display_errors” is on)
   http://[host]/component/mijosearch/search?query=im%22%3Eimmuniweb&limit=15%2 7%22%3Cb%3Eimmuniweb&order=relevance%27%22%3Cb%3Eimmuniweb&orderdir=desc%27% 22%3Cb%3Eimmuniweb