Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

Exploit Database
16 阅读

作者： Mattia Furlani

日期： 2018-01-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/43488/

# Exploit Title: Joomla Plugin Easydiscuss <4.0.21 Persistent XSS in Edit Message
# Date: 06-01-2018
# Software Link: https://stackideas.com/easydiscuss
# Exploit Author: Mattia Furlani
# CVE: CVE-2018-5263
# Category: webapps

1. Description

Whenever a user edits a message with <\textarea> inside the body, everything after the <\textarea> will be executed in the user’s browser. Works with every version up to 4.0.20


2. Proof of Concept

Login with permissions to post a message, insert <\textarea> in the body and add any html code after that, whenever a user tries to edit that message the code writed after you closed the textarea will be executed


3. Solution:

Update to version 4.0.21
https://stackideas.com/blog/easydiscuss4021-update

last Exploits
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting的更多信息

Elxis 2009.2 rev2631 – SQL Injection：
Joomla! Component JUX EventOn 1.0.1 – ‘id’ SQL Injection：
Joomla! Component com_recipe – Multiple SQL Injections：
Wavlink WN530HG4 – Password Disclosure：
Digirez 3.4 – Cross-Site Request Forgery (Update Admin)：
Freeter 1.2.1 – Persistent Cross-Site Scripting：
Gitea 1.22.0 – Stored XSS：
Verizon Fios Router MI424WR-GEN3I – Cross-Site Request Forgery：