jeffchannell.com

MS Comment 0.8.0b Multiple Vulnerabilities

Posted in Joomla!
2009-09-17 05:00:00 +0000 UTC

MS Comment 0.8.0b for Joomla, a commenting plugin, suffers from an multiple vulnerabilities.

  1. Captcha Cracking

    The submission uses AJAX and fails to reset the captcha after a submission. Read once, write many.
  2. Website Input XSS

    The 'Website' input field is checked for html markup, but fails to sanitize extra parameters.
    " onmouseover="alert(String.fromCharCode(88,83,83))
    " style="color:expression(alert(String.fromCharCode(88,83,83)))

    Timeline

    • Vulnerabilities Discovered: 31 July 2009
    • Vendor Notified: 31 July 2009
    • Vendor Response: ... 2009
    • Update Available: ... 2009
    • Disclosure: 17 September 2009