The Joomla Hacking Compendium

Download The Joomla Hacking Compendium here. With great pleasure I hereby announce the availability of the new “The Joomla Hacking Compendium”. It contains almost 1000 lines of pure knowledge and shows you the way to hack and protect Joomla. It contains the following chapters: Please find an excerpt below:... Read More

Little XSS Cheat Sheet added

Since my favorite XSS cheat sheet is down, I decided to compose an own cheat sheet which is a collection of a few sources and based on my personal experience. It is nothing special and does not include the features of other cheat sheets (e.g. browser compatibility, hex conversion etc.), but it is not ment […]... Read More

South Korean UTW CMS Multiple Vulnerabilities

Please view the original advisory/exploit here. The South Korean Community/Website/Content Management System UTW suffers from various vulnerabilities. Local File Inclusion Script: utw_lib/get_file.php Parameters: file, rfile Example: utw_lib/get_file.php?rfile=<local path>&file=<local file name> The script get_file.php is vulnerable to local file inclusion attacks. Arbitrary files can be viewed by combining the values for the rfile and file parameters. […]... Read More XSS vulnerability

I just submitted two “exploits” to and was able to view them on the website although they were not published yet by the staff members. This can be done by viewing the RSS feed and then clicking on the latest link (e.g. your submitted sploit). I submitted an exploit which contains XSS code. Surprisingly […]... Read More

Joomla Component com_jsupport Critical XSS Vulnerability

Please view the original advisory/exploit here. The Joomla component com_jsupport suffers from a critical XSS vulnerability: The component allows you to create and submit tickets. The tickets can be viewed on the website and in the admin panel. It is possible to inject arbitrary HTML and JS/VBS code into the title field of the ticket. […]... Read More

Zeeways Adserver Multiple Vulnerabilities

Please view the original file here. Multiple vulnerabilities within the Zeeways Adserver were found. >> SQL Injection Multiple scripts with multiple parameters are affected from this vulnerability. Example #1: index.php?section=redir&affid=0&kid=0&zid=[SQL Injection] Example #2: Visit the "register" page index.php?section=user&action=register and enter your SQLi string into the email field. Fill out the other fields with some normal […]... Read More

Joomla Component com_restaurantguide Multiple Vulnerabilities

Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities. >> SQL Injection index.php?option=com_restaurantguide&view=country&id=’&Itemid=69 (id parameter is vulnerable) >> HTML/JS/VBS Code Injection (all input fields, also in the admin backend) It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]... Read More

Security / Penetration Testing (Debian/Ubuntu) – Why Google Skipfish failes to be a top-class web vulnerability scanner

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]... Read More

com_grid XSS Vulnerabilities closed

In May 2010 I discovered several XSS vulnerabilities within the Joomla components Card View JX and Table JX which were all based on the famous com_grid component. Until now those vulnerabilities remained unpatched. Today I received an email from David Mavec who is one of the guys working on com_grid. According to him, all vulnerabilities […]... Read More