As you know, this flaw has existed since the release of Joomla 1.0.15 on 22 February 2008, 23:00 UTC; it is nearly 3 years old.
Unfortunately, we regret that we neglected to test Joomla 1.0.15 within its lifetime.
However, concerned webmasters can now be aware of this flaw. It would be unethical for us to hide it.
The "ordering" parameter in the core module com_search is not properly sanitized and is therefore vulnerable to cross-site scripting (XSS). By leveraging this vulnerability, attackers can compromise the session of a currently logged-in user or administrator and perform, on that user's behalf, arbitrary actions available under /administrator/. As the vulnerability lies in a core module, it affects both stock and customized Joomla! 1.0.x based web sites.
PROOF-OF-CONCEPT
Code:
http://attacker.in/joomla1015/index.php?option=com_search&searchword=xss&searchphrase=any&ordering=newest%22%20onmousemove=alert%28document.cookie%29%20style=position:fixed;top:0;left:0;width:100%;height:100%;%22
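As an added example (not from the advisory or from the Joomla project), the following Python checks the `ordering` value against an allowlist, both as a detection pass over web-server access logs and as the server-side handling a fix would apply before reflecting the value into the page. The allowlist of legitimate ordering values and the log lines are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist of legitimate com_search ordering values in Joomla 1.0.x
# (the advisory itself only names "newest").
VALID_ORDERING = {"newest", "oldest", "popular", "alpha", "category"}

def check_ordering(path):
    """Classify one request path: 'n/a' when it is not a com_search request
    carrying an ordering parameter, 'ok' when the value is allowlisted,
    'suspicious' otherwise (e.g. a quote that would close the attribute)."""
    query = parse_qs(urlsplit(path).query, keep_blank_values=True)
    if query.get("option", [""])[0] != "com_search" or "ordering" not in query:
        return "n/a", None
    value = query["ordering"][0]
    return ("ok" if value in VALID_ORDERING else "suspicious"), value

def safe_ordering(value):
    """Server-side counterpart of a fix: reject anything outside the
    allowlist and HTML-escape what is reflected, so user input can never
    break out of the value="..." attribute."""
    if value not in VALID_ORDERING:
        value = "newest"
    return html.escape(value, quote=True)

def scan_log(lines):
    """Return [(client_ip, ordering_value)] for suspicious requests found in
    combined-format access log lines."""
    hits = []
    for line in lines:
        parts = line.split('"')
        if len(parts) < 2 or len(parts[1].split()) < 2:
            continue
        verdict, value = check_ordering(parts[1].split()[1])
        if verdict == "suspicious":
            hits.append((line.split()[0], value))
    return hits

# Constructed sample log: one legitimate search, one request replaying the
# advisory's proof-of-concept payload.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /index.php?option=com_search'
    '&searchword=joomla&ordering=newest HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2011:10:00:05 +0000] "GET /index.php?option=com_search'
    '&searchword=xss&searchphrase=any&ordering=newest%22%20onmousemove=alert%28'
    'document.cookie%29%20style=position:fixed;top:0;left:0;width:100%;height:100%;%22'
    ' HTTP/1.1" 200 5310',
]

if __name__ == "__main__":
    for ip, value in scan_log(SAMPLE_LOG):
        print(f"suspicious ordering from {ip}: {value!r}")
```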
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting