Wednesday, 4 January 2012

[UPDATE] Joomla 1.7 Vulnerable to XSS

Let's start the New Year with some reflection...

Reflection as in "reflected XSS" in the latest Joomla (1.7.3 as of this post).

The scenario of this attack is quite simple: the attacker must build a file with the XSS and send it to the victim.
For reflected XSS, when we are talking about admins and users, the situation could look like this:
- (mail to admin) hi admin, this is my file.html, could it be added to my Joomla Profile? (... or whatever else... ;) )
- wait, I must check it...
(...) and this is where the admin or another user could be exploited by this reflected XSS.

What do you think: should it be public? :D

UPDATE (10.01.2012):

Since there is a nice example of how devastating reflected XSS can be, I present you
a link to a PoC I found here (it is a well-known Polish portal about security and IT, enjoy!).

The Pastebin link is an example of what Aditya Modha and Samir Shah found in WordPress 3.3.
Nice work! ;)

(more -> soon... ;) )

