The Joomla AWD Song component suffers from a cross site scripting vulnerability.
aebf3e9be9229d7c09b93c1b35713b1a1295cb433b66cccd3ed2fb8beb23e496 ================================================
Joomla com_awd_song persistent xss Vulnerability
================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : Joomla com_awd_song persistent xss Vulnerability
Date : june, 26 2010
Critical Level : HIGH
Vendor Url : http://joomlaextensions.co.in/component/awd_song/
Google Dork: inurl:com_awd_song
Price:$37.00
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
Frontend
There are 4 menus.
1. (Enter Contest) User can upload a new song.Whenever new songs are uploaded, users will receive an email to rate the new contest songs.
2. (Winner song) Users can see all of the winning songs from today.
3. (My Songs) Users can see all of their own songs they have uploaded.
4. (My Rated Songs) Users can see all of their own ratings for other users songs.
#######################################################################################################
Xploit:persistent xss Vulnerability
The attacker can post evil script or xss shell in the song review option
For example :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
DEMO URL : http://joomlaextensions.co.in/index.php?option=com_awd_song&task=view&id=4
###############################################################################################################
# 0day no more
# Sid3^effects
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed