Minify4Joomla Cross Site Scripting

2010-07-09T00:00:00
ID PACKETSTORM:91634
Type packetstorm
Reporter Sid3 effects
Modified 2010-07-09T00:00:00

Description

=======================================================  
Minify4Joomla Upload and Persistent XSS Vulnerability  
=======================================================  
  
Name : Minify4Joomla Upload and Persistent XSS Vulnerability  
Date : July 9, 2010  
Critical Level : HIGH  
Vendor URL : http://waltercedric.com/  
Author : Sid3^effects aKa HaRi  
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_  
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz  
#######################################################################################################  
Description  
  
Minify4Joomla combines, minifies, and caches JavaScript and CSS files on demand to speed up page loads. Minify (BSD license) is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents  
  
######################################################################################################  
Xploit : Upload Vulnerability  
  
Step 1 : Register :D  
  
Step 2 : Submit your article which has your evil script :P  
Demo URL : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51  
  
Step 3 : Now check your article.  
#######################################################################################################  
Xploit : Persistent XSS Vulnerability  
  
Attack pattern : ">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>  
  
1. The attacker can insert XSS scripts in the article section.  
2. To submit your evil XSS, register and then go and submit your article.  
  
Demo URL : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51  
  
3. Now check your article.  
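The persistent XSS above works because article markup submitted by a registered user is stored and later rendered unescaped. The following is an added defender-side example (not code from the advisory or from Minify4Joomla): it flags a submitted article body that carries the advisory's attack pattern (an attribute/tag break-out followed by a tag an article has no use for), and shows that escaping the body at output time renders the same markup as literal text. The disallowed-tag list and both sample article bodies are constructed for this illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample submissions. The first is the advisory's attack pattern
# (its trailing tag is unbalanced in the original as well).
ADVISORY_PAYLOAD = '">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>'
BENIGN_ARTICLE = 'Minify combines CSS & JS files; see <a href="/docs">the docs</a>.'

# Tags that a plain article body has no legitimate use for (assumed policy).
DISALLOWED_TAGS = {"script", "marquee", "iframe", "object", "embed", "style", "svg"}


class _TagCollector(HTMLParser):
    """Collect start tags and any on* event-handler attributes seen in a body."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.event_attrs = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, _value in attrs:
            if name.lower().startswith("on"):
                self.event_attrs.append(f"{tag}@{name.lower()}")


def find_injection(body: str) -> list:
    """Return a sorted list of findings for a submitted article body.

    An empty list means nothing in the stored-content policy was violated.
    """
    parser = _TagCollector()
    parser.feed(body)
    parser.close()
    findings = {f"tag:{t}" for t in parser.tags if t in DISALLOWED_TAGS}
    findings |= {f"handler:{a}" for a in parser.event_attrs}
    # A leading quote-plus-bracket run is the classic break-out of an
    # attribute or tag context, exactly as the advisory's pattern begins.
    if body.lstrip().startswith(('">', "'>")):
        findings.add("breakout:attribute")
    return sorted(findings)


def render_untrusted(body: str) -> str:
    """Escape untrusted text at output time so any markup displays literally."""
    return html.escape(body, quote=True)
```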
#######################################################################################################  
# 0day no more  
# Sid3^effects  