Joomla Incapsula 1.4.6_b Cross Site Scripting

2013-01-09T00:00:00
ID PACKETSTORM:119364
Type packetstorm
Reporter LiquidWorm
Modified 2013-01-09T00:00:00

Description

                                        
                                            `  
Joomla Incapsula Component <= 1.4.6_b Reflected Cross-Site Scripting Vulnerability  
  
  
Vendor: Incapsula Inc.  
Product web page: http://www.incapsula.com  
Affected version: 1.4.6_b and bellow  
  
Summary: Once installing the Incapsula for Joomla component, simply  
make the provided DNS changes and within minutes your website traffic  
will be seamlessly routed through Incapsula’s globally distributed  
network of POPs.  
  
Desc: The Joomla Incapsula component suffers from a XSS issue due  
to a failure to properly sanitize user-supplied input to the 'token'  
GET parameter in the 'Security.php' and 'Performance.php' scripts.  
Attackers can exploit this weakness to execute arbitrary HTML and  
script code in a user's browser session.  
  
  
--------------------------------------------------------------------------  
/administrator/components/com_incapsula/assets/tips/en/Performance.php:  
-----------------------------------------------------------------------  
  
22: <a href="https://my.incapsula.com/billing/selectplan?token=  
<?php echo $_GET['token']; ?> target="_blank" class="IFJ_link">  
Click here</a> to upgrade your account  
  
  
Patch:  
------  
  
22: <a href="https://my.incapsula.com/billing/selectplan?token=  
<?php echo htmlentities($_GET['token']); ?>" target="_blank"  
class="IFJ_link">Click here</a> to upgrade your account  
  
--------------------------------------------------------------------------  
  
  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience.mk  
  
  
Advisory ID: ZSL-2013-5121  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5121.php  
  
  
06.12.2012  
  
--  
  
  
http://localhost/administrator/components/com_incapsula/assets/tips/en/Security.php?token="><script>alert(document.cookie)</script>  
http://localhost/administrator/components/com_incapsula/assets/tips/en/Performance.php?token="><script>alert(document.cookie)</script>  
`