=======================================================
Minify4Joomla Upload and Persistent XSS Vulnerability
=======================================================

Name : Minify4Joomla Upload and Persistent XSS Vulnerability
Date : July 9, 2010
Critical Level : HIGH
Vendor URL : http://waltercedric.com/
Author : Sid3^effects aKa HaRi
Special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_
Greetz to : www.topsecure.net, All ICW members and my friends :) luv y0 guyz

#######################################################################################################
Description

Minify4Joomla combines, minifies, and caches JavaScript and CSS files on demand to speed up page loads.
Minify (BSD license) is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents

######################################################################################################
Xploit : Upload Vulnerability

Step 1 : Register :D
Step 2 : Submit your article which has your evil script :P
Demo Url : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51
Step 3 : Now check your article..

#######################################################################################################
Xploit : Persistent XSS Vulnerability

Attack pattern : ">>

XSS3d By Sid3^effects

1. The attacker can insert XSS scripts in the article section.
2. To submit your evil XSS, register and then go and submit your article.
   Demo url : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51
3. Now check your article.

#######################################################################################################
# 0day no more
# Sid3^effects
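
Added example, not part of the original advisory: a Python triage script for the defender side of the persistent XSS described above. It parses stored article bodies and reports markup that would execute in a reader's browser. The row layout (id, author, body), the tag and attribute lists, and the sample rows are constructed assumptions, not taken from Minify4Joomla or Joomla.

```python
from html.parser import HTMLParser

# Assumed policy: tags that should never appear in user-submitted article bodies.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet", "meta", "base", "form"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Collects the reasons an article body would run code when it is viewed."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and entity-decodes attribute values.
        if tag in ACTIVE_TAGS:
            self.findings.append(f"tag:{tag}")
        for name, value in attrs:
            # Drop whitespace and control characters before comparing the scheme.
            compact = "".join(ch for ch in (value or "") if ch > " ").lower()
            if name.startswith("on"):
                self.findings.append(f"handler:{tag}.{name}")
            elif name in URL_ATTRS and compact.startswith(BAD_SCHEMES):
                self.findings.append(f"url:{tag}.{name}")


def audit_articles(rows):
    """Return {article_id: findings} for rows whose body holds active content."""
    report = {}
    for article_id, _author, body in rows:
        finder = ActiveContentFinder()
        finder.feed(body)
        finder.close()
        if finder.findings:
            report[article_id] = finder.findings
    return report


# Constructed sample rows: (article id, submitting user, stored body).
SAMPLE_ROWS = [
    (1, "editor", "<p>Minify speeds up <b>page loads</b>.</p>"),
    (2, "newuser1", '"><script>alert(1)</script>'),
    (3, "newuser2", '<img src="x.png" onerror="alert(1)">'),
    (4, "newuser3", '<a href="JavaScript:alert(1)">docs</a>'),
]

if __name__ == "__main__":
    for article_id, findings in audit_articles(SAMPLE_ROWS).items():
        print(article_id, findings)
```

Flagged rows are review candidates, since some sites legitimately allow a few of these tags for trusted editors.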