Volunerability: XSS/code ingection with frei-chat 2.0

Discussion regarding Joomla! 1.5 security issues.
Joomla! Vulnerable Extensions: http://feeds.joomla.org/JoomlaSecurityV ... Extensions

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
User avatar
nag_sunny
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 157
Joined: Sat Mar 28, 2009 6:29 am
Contact:

Volunerability: XSS/code ingection with frei-chat 2.0

Post by nag_sunny » Fri Jul 23, 2010 8:12 pm

Install the component from Google code (frei-chat2.0)
Login using two different Joomla accounts
Now the module shows one user to other
Enter the below text in one window

Code: Select all

<script>alert('hello')</script>
Now the alert will be displayed infinitely. You can execute any arbitrary JavaScript on other users machine.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15006
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by mandville » Fri Jul 23, 2010 9:27 pm

if this is http://extensions.joomla.org/extensions ... tion/13106 then the latest version is 2.1 (last update on Jul 12, 2010)

have you informed the developer?
is this a self found exploit or copied from somewhere. if needs be, send me the original exploit url by PM
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
nag_sunny
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 157
Joined: Sat Mar 28, 2009 6:29 am
Contact:

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by nag_sunny » Sun Jul 25, 2010 5:34 am

This I found with the latest version (downloaded day before). It is tested by me and not found anywhere else.
http://www.corejoomla.com
CjForum, CjFit, Community Surveys, Community Quiz, Community Answers, Community Polls, GPS Tools, Community Quotes, Crosswords, CjBlog

evnix
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Tue Jun 29, 2010 4:42 pm

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by evnix » Sun Jul 25, 2010 7:21 am

I am the author of FreiChat,

I have now fixed the vulnerability.
You can download the latest version here
http://code.google.com/p/frei-chat/downloads/list

Thankyou for informing me about the vulnerability.

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15006
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by mandville » Sun Jul 25, 2010 5:08 pm

thanks both. added to VEL and marked as resolved.
Evnix, can we have the latest secure version number please
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

evnix
Joomla! Apprentice
Joomla! Apprentice
Posts: 7
Joined: Tue Jun 29, 2010 4:42 pm

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by evnix » Tue Jul 27, 2010 10:56 am

can we have the latest secure version number please
The secure version number and the latest version that is available for now

2.1.2 for FreiChat [Those having CB installed]

AND

1.2.2 for FreiChatPure [Extension Independent]

comso
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Tue Jun 23, 2009 9:23 pm

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by comso » Mon Aug 09, 2010 7:13 pm

There still seems to be a intermittent issue when submitting in the chat area in Frei Chat Pure v1.2.2

After hitting enter in the text area, there is a carrige return executed instead of a submit.

I have tested with 5 users, 4 failed(carrige return ) instead of submit.

Joomla ver: Joomla! 1.5.15 Stable
PHP Version: 5.2.13
MySQL: 5.0.51a
json version: 1.2.1

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 15006
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by mandville » Mon Aug 09, 2010 9:14 pm

comso wrote:Joomla ver: Joomla! 1.5.15 Stable
that is more worrying than an extension issue to most people
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11978
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by brian » Mon Aug 09, 2010 9:54 pm

@comso thats a bug not a security issue isnt it? I suggest that you take up bug issues with the extension provider and dont hijaak unrelated forum posts
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

comso
Joomla! Apprentice
Joomla! Apprentice
Posts: 8
Joined: Tue Jun 23, 2009 9:23 pm

Re: Volunerability: XSS/code ingection with frei-chat 2.0

Post by comso » Tue Aug 10, 2010 1:54 pm

Thank you


Locked

Return to “Security in Joomla! 1.5”