[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla Component com_emihost Persistent xss Vulnerability

Author
Sid3^effects
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10314
Category
web applications
Date add
04-08-2010
Platform
php
===============================================
Joomla com_emihost Persistent xss Vulnerability
===============================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :  Joomla com_emihost Persistent xss Vulnerability
Date : August, 3 2010
Critical Level     : HIGH
Vendor Url : http://emi.marsteam.net/
Google dork: inurl:com_emihost
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr
greetz to :www.topsecure.net ,trent Dillman,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
A simple easy to use Image hosting Component for Joomla Native 1.5  ,
which aims to make it easy to setup and maintain a image hosting site or a site for you to share
your photos with your friends, family and collegues. With the social bookmarking links generated for each image,
sharing your images or photos across the web couldn't be made any easier

###############################################################################################################

Xploit: Persistent xss Vulnerability

Step 1:Select "upload" option

Step 2 : Upload any image file and enter your xss script in the description area and upload :)

Step 3 : NOw check your uploaded file

DEMO URL :http://emi.marsteam.net/demo/index.php?option=com_emihost&task=upload.showUploaded&Itemid=53
Screen shot :http://img832.imageshack.us/img832/4549/emihost.png
###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2024-12-25]  #