[OWASP-Bangalore] [20100501] - Core - XSS Vulnerabilities in Back End Administrative Module

Walikar Riyaz Ahemed Dawalmalik WalikarRiyazAD at microland.com
Sun May 30 05:58:22 EDT 2010 

Hi,

This is regarding multiple XSS vulnerabilities in core components of the administrative section of Joomla!.

* Project: Joomla!
* SubProject: All
* Severity: High
* Versions: 1.5.17 and all previous 1.5 releases
* Exploit type: XSS Injection
* Reported Date: 2010-May-13
* Fixed Date: 2010-May-28
* Fixed Version: Joomla! 1.5.18
* Update Download Link: http://www.joomla.org/download.html
* Info URL: http://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.html

Vulnerability Details:

User can execute arbitrary JavaScript code within the vulnerable application.


The vulnerability arises due to the administrator core components failing to properly sanitize user-supplied input in the "search" variable. Successful exploitation of this vulnerability could result in, but not limited to, compromise of the application, theft of cookie-based authentication credentials, arbitrary url redirection, disclosure or modification of sensitive data and phishing attacks.


An attacker can send a link with the exploit to an administrator whose access could compromise the application.

All admins who use Joomla! version 1.5.17, please update to the latest version.

Warm Regards,
Riyaz Ahemed Walikar
Vulnerability Assessment & Penetration Testing
Microland Limited
India's leading Infrastructure Management Services Company


The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. 
Any review, re-transmission, dissemination or other use of or taking of any action in reliance upon,this information by persons or entities other than the intended recipient is prohibited. 
If you received this in error, please contact the sender and delete the material from your computer. 
Microland takes all reasonable steps to ensure that its electronic communications are free from viruses. 
However, given Internet accessibility, the Company cannot accept liability for any virus introduced by this e-mail or any attachment and you are advised to use up-to-date virus checking software. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-bangalore/attachments/20100530/b0dfe618/attachment.html

More information about the OWASP-Bangalore mailing list