logo
DATABASE RESOURCES PRICING ABOUT US

cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities

Description

cgTestimonial 2.2 Joomla Component Multiple Remote Vulnerabilities Name cgTestimonial Vendor http://www.cmsgalaxy.com Versions Affected 2.2 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2010-08-06 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX I. ABOUT THE APPLICATION ________________________ cg_Testimonial component is a tool for adding testimonial by the user from frontend and managing and publishing testimonials from backend. This Joomla extension allows website user to submit a testimonials form with several fields on one of your site's page and enable adding testimonials by either users or admin. II. DESCRIPTION _______________ Some parameters are not properly sanitised.The following vulnerabilities can be exploited from guest users. III. ANALYSIS _____________ Summary: A) Multiple Arbitrary File Upload B) XSS A) Multiple Arbitrary File Upload _________________________________ The usr_img parameter in cgtestimonial.php (frontend) and in testimonial.php (admin, without checks) is not properly sanitised. A check is executed on the content- type HTTP field. B) XSS ______ The url parameter in video.php is not properly sanitised before being printed on screen. IV. SAMPLE CODE _______________ A) Multiple Arbitrary File Upload http://poc.salvatorefresta.net/PoC-cgTestimonial2.2.pl.txt B) XSS http://site/path/components/com_cgtestimonial/video.php?url="><script>alert('xss');</script> V. FIX ______ No fix.