Joomlaxtc Template Burgertime Cross Site Scripting Stored Vulnerability

2016.06.20
Credit: Turkhackteam
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Application Name : Joomlaxtc Template Burgertime Cross Site Scripting Stored Vulnerability
# Vulnerable Type : Cross Site Scripting Stored
# Vendor Homepage : http://www.joomlaxtc.com
# Author : Turkhackteam.org | Bug Researchers | €r@y
# Tested on Demo Site : http://demo.joomlaxtc.com/burgertime/
# Author Contact : http://www.turkhackteam.org/members/745069.html
# Date : 20.06.2016

# Explanation

A "Cross Site Scripting" vulnerability in the template for Joomla sites published on Joomlaxtc.com was identified on the demo site. When the script code given below is appended to the http://demo.joomlaxtc.com/burgertime/?xtcstyle= parameter, we see an alert raised on the http://demo.joomlaxtc.com/burgertime/ page. In other words, every user who visits the site is affected by this vulnerability. Clicking through to any page of the site triggers the alert. This shows that the vulnerability is "XSS Stored".

#############################################################

< ----------------- Bug code start -------------------- >
">**********alert("Cross-Site-Scripting%20Bug%20Researchers%20Turkhackteam.org%20/%20€r@y");</script><marquee><font%20size="4"%20color="red"%20face="Candice"%20><big><i>Cross-Site-Scripting%20Bug%20Researchers%20Turkhackteam.org%20/%20€r@y</i></big></font></marquee>
<------------------ Bug code end of ------------------- >
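
A defensive sketch for the behaviour described above, added here as an example and not taken from the JoomlaXTC template. It assumes the template stores the xtcstyle value per visitor and later writes it into an HTML attribute, which the advisory does not show; the style names and function names are hypothetical.

```php
<?php
// Added example, not JoomlaXTC code. Style and function names are hypothetical.

// Assumption: the template offers a fixed set of colour styles.
const ALLOWED_STYLES = ['default', 'red', 'green', 'blue'];
const DEFAULT_STYLE = 'default';

/**
 * Return the style to persist for this visitor.
 * Anything that is not an exact allowlist match is discarded, so markup
 * supplied in the xtcstyle parameter never reaches storage.
 */
function resolve_style($requested, string $current): string
{
    // ?xtcstyle[]=... arrives as an array, hence the is_string() check.
    if (is_string($requested) && in_array($requested, ALLOWED_STYLES, true)) {
        return $requested;
    }
    // Re-validate the stored value too: it may predate the fix.
    return in_array($current, ALLOWED_STYLES, true) ? $current : DEFAULT_STYLE;
}

/** Encode on output as a second layer, for an HTML attribute context. */
function style_link_tag(string $style): string
{
    $href = 'css/' . rawurlencode($style) . '.css';
    return '<link rel="stylesheet" href="'
        . htmlspecialchars($href, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

// Constructed request values: a legitimate style, a value containing a quote
// and a tag (the shape of input the report describes), and an array.
$samples = ['red', '"><b>x</b>', ['red']];
$stored = DEFAULT_STYLE; // stands in for the per-visitor stored value
foreach ($samples as $requested) {
    $stored = resolve_style($requested, $stored);
    echo style_link_tag($stored), PHP_EOL;
}
```

All three iterations emit the link tag for the "red" stylesheet: the second and third values fail the allowlist, so the previously stored valid style is kept.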

References:

http://www.turkhackteam.org/members/745069.html



Copyright 2024, cxsecurity.com

 
