Search...

cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities

2010-08-09T00:00:00

ID SECURITYVULNS:DOC:24444
Type securityvulns
Reporter Securityvulns
Modified 2010-08-09T00:00:00

Description

cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities

Name cgTestimonial Vendor http://www.cmsgalaxy.com Versions Affected 2.2

Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2010-08-06

X. INDEX

I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX

I. ABOUT THE APPLICATION

cg_Testimonial component is a tool for adding testimonial by the user from frontend and managing and publishing testimonials from backend. This Joomla extension allows website user to submit a testimonials form with several fields on one of your site's page and enable adding testimonials by either users or admin.

II. DESCRIPTION

Some parameters are not properly sanitised.The following vulnerabilities can be exploited from guest users.

III. ANALYSIS

Summary:

A) Multiple Arbitrary File Upload B) XSS

A) Multiple Arbitrary File Upload

The usr_img parameter in cgtestimonial.php (frontend) and in testimonial.php (admin, without checks) is not properly sanitised. A check is executed on the content- type HTTP field.

B) XSS

The url parameter in video.php is not properly sanitised before being printed on screen.

IV. SAMPLE CODE

A) Multiple Arbitrary File Upload

http://poc.salvatorefresta.net/PoC-cgTestimonial2.2.pl.txt

B) XSS

http://site/path/components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>

V. FIX

No fix.

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:24444", "bulletinFamily": "software", "title": "cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities", "description": "cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities\r\n\r\n Name cgTestimonial\r\n Vendor http://www.cmsgalaxy.com\r\n Versions Affected 2.2\r\n\r\n Author Salvatore Fresta aka Drosophila\r\n Website http://www.salvatorefresta.net\r\n Contact salvatorefresta [at] gmail [dot] com\r\n Date 2010-08-06\r\n\r\nX. INDEX\r\n\r\n I. ABOUT THE APPLICATION\r\n II. DESCRIPTION\r\n III. ANALYSIS\r\n IV. SAMPLE CODE\r\n V. FIX\r\n \r\n\r\nI. ABOUT THE APPLICATION\r\n________________________\r\n\r\ncg_Testimonial component is a tool for adding\r\ntestimonial by the user from frontend and managing and\r\npublishing testimonials from backend.\r\nThis Joomla extension allows website user to submit a\r\ntestimonials form with several fields on one of your\r\nsite's page and enable adding testimonials by either\r\nusers or admin.\r\n\r\n\r\nII. DESCRIPTION\r\n_______________\r\n\r\nSome parameters are not properly sanitised.The following\r\nvulnerabilities can be exploited from guest users.\r\n\r\n\r\nIII. ANALYSIS\r\n_____________\r\n\r\nSummary:\r\n\r\n A) Multiple Arbitrary File Upload\r\n B) XSS\r\n \r\n\r\nA) Multiple Arbitrary File Upload\r\n_________________________________\r\n\r\nThe usr_img parameter in cgtestimonial.php (frontend)\r\nand in testimonial.php (admin, without checks) is not\r\nproperly sanitised. A check is executed on the content-\r\ntype HTTP field.\r\n\r\n\r\nB) XSS\r\n______\r\n\r\nThe url parameter in video.php is not properly sanitised\r\nbefore being printed on screen.\r\n\r\n\r\nIV. SAMPLE CODE\r\n_______________\r\n\r\nA) Multiple Arbitrary File Upload\r\n\r\nhttp://poc.salvatorefresta.net/PoC-cgTestimonial2.2.pl.txt\r\n\r\nB) XSS\r\n\r\nhttp://site/path/components/com_cgtestimonial/video.php?url="><script>alert('xss');</script>\r\n\r\n\r\nV. FIX\r\n______\r\n\r\nNo fix.\r\n", "published": "2010-08-09T00:00:00", "modified": "2010-08-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24444", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:36", "edition": 1, "viewCount": 3, "enchantments": {"score": {"value": 2.8, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11047"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11047"]}]}, "exploitation": null, "vulnersScore": 2.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645460286}}