Creato Mercoledì, 05 Maggio 2010 18:13
# EDB-ID: 12473
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Valentin
# Published: 2010-05-01
# Verified: yes
# Download Exploit Code
# Download N/A
# Exploit Title: Joomla Component Table JX XSS Vulnerabilities |
# Date: 01.05.2010 |
# Author: Valentin |
# Category: webapps/0day |
# Version: |
# Tested on: |
# CVE : |
# Code : |
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] |
>> General Information |
Advisory/Exploit Title = Joomla Component Table JX XSS Vulnerabilities |
Author = Valentin Hoebel |
Contact =
Questo indirizzo email è protetto dagli spambots. E' necessario abilitare JavaScript per vederlo.
|
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] |
>> Product information |
Name = Table JX |
Vendor = Tools JX |
Vendor Website = http://www.toolsjx.com |
Affected Version(s) = all |
|
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] |
>> #1 Vulnerability |
Type = XSS |
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS] |
index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS] |
In case you wonder: Yes, those are exactely the same URIs like in the other Joomla |
component "Card View JX". Both of them seem to be named "com_grid" and use exactely |
the same architecture, parameters etc. Therefore both of them are vulnerable to |
the same XSS attacks. |
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] |
>> Additional Information |
Advisory/Exploit Published = 01.05.2010 |
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::] |
>> Misc |
Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase! |
<3 packetstormsecurity.org! |
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::] |
Categoria: Vulnerabilità Joomla