Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
yehgnet
Joomla! Apprentice
Joomla! Apprentice
Posts: 21
Joined: Thu Dec 11, 2008 12:51 pm
Location: MM
Contact:

Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by yehgnet » Wed Jan 05, 2011 6:07 pm

As Joomla! 1.x has been at the end of Life since 2009-07-22, I think this bug will not be fixed.

As you know, this has been existing since the release of Joomla 1.0.15, 22-February-2008 23:00 UTC. It's as old as nearly 3 years.

Unfortunately, we regret we neglected to test Joomla 1.0.15 within its Life time.

However, concerned webmasters can now be aware of this flaw. It would be too unethical for us to hide this flaw.

The "ordering" parameter in a core module,com_search, is not properly sanitized and thus vulnerable to XSS. By leveraging this vulnerability, attackers can compromise currently logged-in user/administrator session and impersonate arbitrary user actions available under /administrator/ functions. As the vulnerability is based on the core module, it affects both classic and customized Joomla! 1.0.x based web sites.


PROOF-OF-CONCEPT

Code: Select all

http://attacker.in/joomla1015/index.php?option=com_search&searchword=xss&searchphrase=any&ordering=newest%22%20onmousemove=alert%28document.cookie%29%20style=position:fixed;top:0;left:0;width:100%;height:100%;%22
From
http://yehg.net/lab/pr0js/advisories/joomla/core/[joomla_1.0.x~15]_cross_site_scripting

 
User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14941
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by mandville » Wed Jan 05, 2011 6:38 pm

noted your report on a retired EOL product 24 hours after you minimal report to the JSST.
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

User avatar
mandville
Joomla! Master
Joomla! Master
Posts: 14941
Joined: Mon Mar 20, 2006 1:56 am
Location: The Girly Side of Joomla in Sussex

Re: Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by mandville » Fri Jan 07, 2011 8:46 am

The vulnerability mentioned is not known to exist in any current supported release. Please ensure you are using the latest version of Joomla!
HU2HY- Poor questions = Poor answer
Un requested Help PM's will be reported, added to the foe list and possibly just deleted
{VEL Team Leader}{TM Auditor }{ Showcase & Security forums Moderator}

natecovington
Joomla! Explorer
Joomla! Explorer
Posts: 435
Joined: Tue Jul 29, 2008 11:54 pm
Location: NE PA
Contact:

Re: Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by natecovington » Mon Jan 10, 2011 10:12 pm

Ok, so does this vulnerability actually exist? If so, what is the fix/patch? It's no secret that there are a number of Joomla 1.0 sites floating around...

[edit]just read that this only exists when administrator is logged in? - not quite as urgent as I first read through this post?[/edit]
I am available for professional Joomla support, consulting, and custom work:
www.covingtoncreations.com

User avatar
thefactory
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 177
Joined: Mon Apr 23, 2007 12:04 pm
Location: Bukarest, Rumänien
Contact:

Re: Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by thefactory » Mon Jan 24, 2011 9:29 am

This vulnerability seems to be real. At least the proof of concept worked on an J1.0.15 installation i had.

This patch fixed the issue:

http://www.joomlaportal.de/sicherheit/2 ... ility.html

It's a german forum, but you can easy get the idea
http://www.thephpfactory.com- home of Auction Factory,
Article Manager, Blogging
Yahoo Answers Clone and Classified Extensions
and the new Dating and Matchmaking Extension - http://lovefactory.thephpfactory.com/

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11928
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: Joomla! 1.x ~ 1.0.15 Cross Site Scripting (XSS)

Post by brian » Wed Feb 16, 2011 10:12 pm

I can confirm the vulnerability

I can confirm that the patch available at joomlaportal fixed the vulnerability
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/

 

Locked

Return to “Security - 1.0.x”