JoomlaXi Persistent XSS Vulnerability



EKU-ID: 626 CVE: OSVDB-ID:
Author: Karthik R Published: 2011-06-27 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


1.JoomlaXi persistent XSS vulnerabilty
  vendor: www.joomlaxi.com
  Author: 3psil0nLambDa a.k.a Karthik
  Email:  Karthik.cupid@gmail.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
  My blog: epsilonlambda.co.cc
  Google dork: © 2008-2010 JoomlaXi.

------------------------------------------------------------------------------------------------------------------------------------------------------------

Description about the CMS

JoomlaXi enrich web applications that facilitate interactive information sharing, interoperability, user-centered design, and collaboration on the World Wide Web.We are committed to develop most demanded and required applications in the field of Open Source. JoomlaXi was founded for breaking new ground and giving best solution to this world.

JoomlaXi works in a specific approach as:

Research the demand of Public in the field of Open Source;
Provide them user friendly solutions to reach among those demands;
Develop Software Products with the best assurance of services and support.

JoomlaXi, A team since 2009, breaking its own limits every time has a large list of satisfied customers. Team has young, dynamic & talented team that drives the company passionately towards its goal.


 
------------------------------------------------------------------------------------------------------------------------------------------------------------
* Persistent XSS vulnerability

Event module in the front end,  persistent XSS vulnerability

Exploit: "><IFRAME SRC="javascript:alert('XSS');"></IFRAME>

Example: Front end demo-> markmessier->events-> type the above tags in the input fields and save the event-> View profile

you ll see a pop up ;) \m/


------------------------------------------------------------------------------------------------------------------------------------------------------------

Thanks to side-effects for his valuable guidance and greets to taashu for her love and support.