Joomla! XSS vulnerabilities were discovered in May 2010 that affected all versions of Joomla! prior to 1.5.18. The vulnerabilities allowed attackers to execute arbitrary JavaScript code on websites using vulnerable versions of Joomla! by exploiting parameters in URLs. The vulnerabilities were responsibly disclosed to the development team and a fixed version was quickly released.

1. Joomla! XSS Vulnerabilities-- Riyaz Ahemed Walikar

2. BackgroundJoomla! - Content Management SystemPHP, MySQLEase of design and publishingAdmin ModuleUser pages

3. Exampleshttp://www.danone.com/?lang=en http://www.itwire.com/ http://vho.nasa.gov/http://new.lincolncenter.org/live/http://www.spl.usace.army.mil/cms/index.php http://tatanano.inservices.tatamotors.com/tatamotors/index.php

4. ToolsLocal installationFirefox + web developer addonPatience!

5. HowToInstall Joomla! locallyOpen in FirefoxLogin to Admin ModuleChange POSTs to GETsInsert script tags and alert (‘xss’) on various URL parametersIf (alert=true) { print “yay!!”}

6. TechnojabbleThe search parameterExploit code" onmousemove=alert('xss') />" onmousemove=alert(document.cookie) />" onmousemove=window.location.assign(url) />17 component modulesAll versions prior to 1.5.18Phishing, malware download, cookie stealing etc.

7. TimelineDiscovered between May 10th -12thInformed JSST on May 13thAcknowledged on May 13thConstant updatesFixed version release May 28thFixed Version 1.5.18 [latest stable]Bugtraq and Secunia June 2ndNVD June 4th

8. ReferencesCONFIRMhttp://developer.joomla.org/security/news/314-20100501-core-xss-vulnerabilities-in-back-end.htmlCVE-2010-1649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1649BID: 40444www.securityfocus.com/bid/40444

9. ReferencesOSVDB: 65011http://www.osvdb.org/65011SECUNIA: 39964http://secunia.com/advisories/39964Keeda ID: K-31

10. Thank You!riyazwalikar@gmail.com