Entries Tagged with ‘XSS’

Download The Joomla Hacking Compendium here. With great pleasure I hereby announce the availability of the new “The Joomla Hacking Compendium”. It contains almost 1000 lines of pure knowledge and shows you the way to hack and protect Joomla. It contains the following chapters: Please find an excerpt below:

(Continue reading…)

Since my favorite XSS cheat sheet is down, I decided to compose an own cheat sheet which is a collection of a few sources and based on my personal experience. It is nothing special and does not include the features of other cheat sheets (e.g. browser compatibility, hex conversion etc.), but it is not ment […]

(Continue reading…)

Please view the original advisory/exploit here. The South Korean Community/Website/Content Management System UTW suffers from various vulnerabilities. Local File Inclusion Script: utw_lib/get_file.php Parameters: file, rfile Example: utw_lib/get_file.php?rfile=<local path>&file=<local file name> The script get_file.php is vulnerable to local file inclusion attacks. Arbitrary files can be viewed by combining the values for the rfile and file parameters. […]

(Continue reading…)

I just received notice from bugsearch.net that they closed the XSS vulnerability I discovered a few hours ago. That was fast

(Continue reading…)

I just submitted two “exploits” to bugsearch.net and was able to view them on the website although they were not published yet by the staff members. This can be done by viewing the RSS feed and then clicking on the latest link (e.g. your submitted sploit). I submitted an exploit which contains XSS code. Surprisingly […]

(Continue reading…)

Please view the original advisory/exploit here. The Joomla component com_jsupport suffers from a critical XSS vulnerability: The component allows you to create and submit tickets. The tickets can be viewed on the website and in the admin panel. It is possible to inject arbitrary HTML and JS/VBS code into the title field of the ticket. […]

(Continue reading…)

Please view the original file here. Multiple vulnerabilities within the Zeeways Adserver were found. >> SQL Injection Multiple scripts with multiple parameters are affected from this vulnerability. Example #1: index.php?section=redir&affid=0&kid=0&zid=[SQL Injection] Example #2: Visit the “register” page index.php?section=user&action=register and enter your SQLi string into the email field. Fill out the other fields with some normal […]

(Continue reading…)

Please view the original advisory/exploit here. The Joomla component com_restaurantguide suffers from multiple vulnerabilities. >> SQL Injection index.php?option=com_restaurantguide&view=country&id=’&Itemid=69 (id parameter is vulnerable) >> HTML/JS/VBS Code Injection (all input fields, also in the admin backend) It is possible to inject HTML/JS/VBS code into the document although XSS filters are active. Simply end the current HTML tag […]

(Continue reading…)

Some of you might have read my little tutorial about how to use Google Skipfish for web vulnerability scanning. While I was fascinated by the efficiency and speed of this application, I started to use it more often. Although manual testing can’t be replaced by a machine, web vulnerability scanners are still a helping hand. During […]

(Continue reading…)

In May 2010 I discovered several XSS vulnerabilities within the Joomla components Card View JX and Table JX which were all based on the famous com_grid component. Until now those vulnerabilities remained unpatched. Today I received an email from David Mavec who is one of the guys working on com_grid. According to him, all vulnerabilities […]

(Continue reading…)