Minify4Joomla Upload and Persistent XSS Vulnerability

vendor:

Minify4Joomla

by:

Sid3^effects aKa HaRi

7,5

CVSS

HIGH

XSS

CWE

Product Name: Minify4Joomla

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Minify4Joomla Upload and Persistent XSS Vulnerability

Minify4Joomla is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents, and cache them on demand to speed up page loads. An attacker can exploit this vulnerability by registering and submitting an article with an XSS attack pattern, which will be stored in the database and executed when the article is viewed.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being stored in the database.

Source

Exploit-DB raw data:

        =======================================================
         Minify4Joomla Upload and Persistent XSS Vulnerability
        =======================================================

Name :  Minify4Joomla Upload and Persistent XSS Vulnerability
Date : july 9,2010
Critical Level 	: HIGH
vendor URL :http://waltercedric.com/
Author : Sid3^effects aKa HaRi 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description 

Minify4Joomla combines, minifies, and caches JavaScript and CSS files on demand to speed up page loads. Minify (BSD license) is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents 

######################################################################################################
Xploit :Upload Vulnerability

Step 1 : Register :D 

Step 2 : Submit your article which has your evil script :P
 Demo Url :http://website/index.php?option=com_content&view=article&layout=form&Itemid=51

Step 3 : Now check your article..
#######################################################################################################
Xploit: Persistent XSS Vulnerability

Attack pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> 

1.The attacker can insert xss scripts in the article section..
2.To submit your evil xss register and then go and submit your article 

Demo url : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51

3.Now  check your article 
#######################################################################################################
# 0day no more 
# Sid3^effects