Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting

Exploit Database
97 阅读

作者： Mattia Furlani

日期： 2018-01-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/43488/

# Exploit Title: Joomla Plugin Easydiscuss <4.0.21 Persistent XSS in Edit Message
# Date: 06-01-2018
# Software Link: https://stackideas.com/easydiscuss
# Exploit Author: Mattia Furlani
# CVE: CVE-2018-5263
# Category: webapps

1. Description

Whenever a user edits a message with <\textarea> inside the body, everything after the <\textarea> will be executed in the user’s browser. Works with every version up to 4.0.20


2. Proof of Concept

Login with permissions to post a message, insert <\textarea> in the body and add any html code after that, whenever a user tries to edit that message the code writed after you closed the textarea will be executed


3. Solution:

Update to version 4.0.21
https://stackideas.com/blog/easydiscuss4021-update

last Exploits
Joomla! Component Easydiscuss < 4.0.21 - Cross-Site Scripting的更多信息

ccTiddly 1.7.6 – Multiple Remote File Inclusions：
Alguest 1.1 – ‘start’ SQL Injection：
Joomla! Component Deluxe Blog Factory 1.1.2 – Local File Inclusion：
D-Link DIR-600 / DIR-300 (Rev B) – Multiple Vulnerabilities：
Joomla! Component JE Quiz – ‘eid’ Blind SQL Injection：
Linksys WVBR0 – ‘User-Agent’ Remote Command Injection：
OpenSIS 8.0 – ‘cp_id_miss_attn’ Reflected Cross-Site Scripting (XSS)：
NopCommerce 4.2.0 – Privilege Escalation：