Joomla 2.5.3 Information Disclosure

2012-04-26T00:00:00
ID PACKETSTORM:112230
Type packetstorm
Reporter HauntIT
Modified 2012-04-26T00:00:00

Description

                                        
                                            `[ TITLE ....... ][ Joomla 2.5.3 information disclosure (tested for admin)  
[ DATE ........ ][ 01.04.2012  
[ AUTOHR ...... ][ http://hauntit.blogspot.com  
[ SOFT LINK ... ][ http://joomla.org  
[ VERSION ..... ][ 2.5.3  
[ TESTED ON ... ][ LAMP  
[ ----------------------------------------------------------------------- [  
  
[ 1. What is this?  
[ 2. What is the type of vulnerability?  
[ 3. Where is bug :)  
[ 4. More...  
  
[--------------------------------------------[  
[ 1. What is this?  
This is very nice CMS, You should try it! ;)  
  
[--------------------------------------------[  
[ 2. What is the type of vulnerability?  
This is information disclosure bug for admin logged-in.  
  
[--------------------------------------------[  
[ 3. Where is bug :)  
http://your.joomla/administrator/index.php?option=com_modules&view=positions&layout=modal&tmpl=component&function=jSelectPosition_jform_position&client_id=8%27];][][]%3E???%3E./8  
  
Vulnerable parameter is client_id but "output" with information (disclosure bug) is available only  
in HTML source (so right-click, and view source for 'invalid' string to get information where  
Joomla is installed on remote server).  
  
By the way: You can set this parameter to non-existent ID (for example 11111111111).   
You should get the same response (in source, search for 'invalid').  
  
[--------------------------------------------[  
[ 4. More...  
  
- http://hauntit.blogspot.com  
- http://www.joomla.org  
- http://www.google.com  
- http://portswigger.net  
[  
[--------------------------------------------[  
[ All questions about new projects @ mail now :)  
]  
[ Best regards  
[   
  
`