Joomla! 2.5.x/3.5.0 XSS

Posted in Joomla!
2016-06-06 07:06:05 +0000 UTC

Joomla! versions before 3.5.0, including the 2.5.x series (likely all the way back to 1.6.0, no regression testing done) are vulnerable to reflected XSS:

Joomla! 1.6/1.7/2.5 Privilege Escalation Vulnerability

Posted in Joomla!
2012-03-15 19:47:25 +0000 UTC

Joomla! 1.6.x/1.7.x/2.5.0-2.5.2 suffers from a privilege escalation vulnerability that allows users to be registered into any group not having 'core.admin' privileges.

Joomla! Remember Me Cookie Encryption Issues

Posted in Joomla!
2011-09-29 04:11:31 +0000 UTC

There is a serious problem with the way Joomla! handles the "remember me" login cookie. It is possible to decrypt the contents of this cookie and alter the serialized data inside, which could possibly lead to exploitation. Versions 1.5 through 1.7.1 are affected.

Joomla! TinyMCE DOS

Posted in Joomla!
2011-04-05 15:23:03 +0000 UTC

Back in February, I reported an issue with TinyMCE to the Joomla! Security Strike Team. Since then, they "fixed" it in 1.6.1, but failed to do so for 1.5.23. Joomla! 1.5.x ships with a script that is supposed to cache gzipped copies of TinyMCE, but not only is this script never used, but it doesn't clean up after itself.

Joomla! 1.6.0 Multiple Minor Vulnerabilities

Posted in Joomla!
2011-03-08 15:47:09 +0000 UTC

Now that 1.6.1 is officially released, I figured I'd go ahead and publish a few of the "sensitive" bugs I found in 1.6.0.

Joomla! JFilterInput XSS Bypass

Posted in Joomla!
2011-02-01 14:21:12 +0000 UTC

Joomla! 1.5 and 1.6 rely on the JFilterInput class to sanitize user-supplied HTML. This class attempts to parse any given string for HTML code, checks the code against a whitelist of elements and attributes, and strips out any code that is not allowed. However, malformed HTML can be used to bypass the filter and inject XSS code into user-supplied input.

Mosets Tree 2.1.6 Template Overwrite CSRF

Posted in Joomla!
2010-11-18 18:06:25 +0000 UTC

Mosets Tree <= 2.1.6 for Joomla! does not use anti-CSRF tokens in its admin forms.

Temporary Joomla 1.5.20 XSS Hotfix

Posted in Joomla!
2010-10-07 21:47:22 +0000 UTC

The guys over at YGN posted a video today of a 0-day Joomla! 1.5.20 XSS flaw. I've taken a look and have a quick fix that should prevent exploitation.

Biziant Sentry Alpha Release

Posted in Joomla!
2010-10-05 00:52:58 +0000 UTC

Today, I threw together a site and released a new project into the wild: Biziant Sentry.

Biziant Sentry is currently in alpha and is not recommended for use on production sites! I've released this in the hopes that the community will come together and help make this project the best that it can be!

SOBI2 Code Injection CSRF Exploit

Posted in Joomla!
2010-10-04 05:00:00 +0000 UTC

SOBI2's admin panel doesn't explicitly check for POST requests, nor does it use a nonce.