Joomla version 2.5.3 suffers from a host header cross site scripting vulnerability.
[ TITLE ....... ][ Joomla 2.5.3 reflected XSS and/or Information disclosure
[ DATE ........ ][ 26.03.2012
[ AUTHOR ...... ][ http://hauntit.blogspot.com
[ SOFT LINK ... ][ http://joomla.org
[ VERSION ..... ][ 2.5.3
[ TESTED ON ... ][ LAMP
[ ----------------------------------------------------------------------- [
[ 1. What is this?
[ 2. What is the type of vulnerability?
[ 3. Where is the bug :)
[ 4. More...
[--------------------------------------------[
[ 1. What is this?
This is a very nice CMS, you should try it! ;)
[--------------------------------------------[
[ 2. What is the type of vulnerability?
This is reflected cross-site scripting. An attacker can use the same technique to get
information about the location of your installed Joomla.
Send a normal HTTP GET request to your Joomla for any link you choose; it does not
matter which one. But change the default 'localhost' or similar string
and send your XSS payload via this header.
In the same way we can get path/to/cms.
Enjoy.
[--------------------------------------------[
[ 3. Where is the bug :)
'Host' header. (Because the value from this header is used in the HTML of the response. :)
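
A defensive pattern for the issue described above, as an added example that is not part of the original advisory and is not Joomla's code: the Host value is checked against an allowlist and escaped before it reaches HTML. The function names, the allowlist entries, the sample inputs and the `<base>` tag as the output location are all assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, allowlist values are constructed.

// Host names this site is actually served under (constructed sample values).
const ALLOWED_HOSTS = ['www.example.org', 'example.org'];

/**
 * Return a trusted host name for building URLs, never the raw header.
 * Falls back to the first configured host when the header is missing,
 * malformed, or not on the allowlist.
 */
function trusted_host(?string $hostHeader, array $allowed = ALLOWED_HOSTS): string
{
    if ($hostHeader === null) {
        return $allowed[0];
    }
    // Drop an optional :port and normalise case before comparing.
    $host = strtolower(preg_replace('/:\d{1,5}$/', '', trim($hostHeader)));
    // Reject anything that is not a plain DNS name (no quotes, brackets, slashes).
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]{0,251}[a-z0-9])?$/', $host)) {
        return $allowed[0];
    }
    return in_array($host, $allowed, true) ? $host : $allowed[0];
}

/** Build a <base> tag; the value is escaped for an HTML attribute context. */
function base_tag(?string $hostHeader): string
{
    $url = 'http://' . trusted_host($hostHeader) . '/';
    return '<base href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" />';
}

// Constructed inputs: a normal header, one with a port, one carrying markup, none.
$samples = ['example.org', 'WWW.EXAMPLE.ORG:8080', 'example.org"><b>injected</b>', null];
foreach ($samples as $h) {
    printf("%-32s => %s\n", var_export($h, true), base_tag($h));
}
```

The allowlist alone already stops the header from reaching the page; the `htmlspecialchars()` call is a second layer in case the list is ever misconfigured.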
[--------------------------------------------[
[ 4. More...
- http://joomla.org
- http://hauntit.blogspot.com
- http://www.google.com
- http://portswigger.net
[
[--------------------------------------------[
[ All questions about new projects @ mail :)
]
[ Best regards
[