what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 3 of 3

Files from Jeff Channell

Joomla! 1.5 / 1.6 JFilterinput Cross Site Scripting Bypass

Posted Feb 1, 2011

Authored by Jeff Channell

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied html. This class attempts to parse any given string for html code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed html code can be used to bypass the filter and inject XSS code into user-supplied input.

tags | exploit, xss

SHA-256 | d1c7d9bd65808d2318a87184f308f50b77012630bad28f43fca5b7c9862ab2bd

Download | Favorite | View

Joomla! Spam Mail Relay

Posted Jan 11, 2011

Authored by Jeff Channell

Joomla! versions 1.5.22 and 1.6.0 suffer from a spam relay vulnerability.

tags | exploit

SHA-256 | 02a3b01ea3eba1f573ef363a41ec2af7ea94edb1ac39f97187cb65cad191929f

Download | Favorite | View

JomSocial 1.8.8 Shell Upload

Posted Oct 1, 2010

Authored by Jeff Channell

JomSocial version 1.8.8 suffers from a shell upload vulnerability.

tags | exploit, shell

SHA-256 | ebcc698829cd4fe34fbf554ffaa108281816ea706a40d4c0200f77534f9604ea

Download | Favorite | View