Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 149934 - Joomla characters’s injection.
Summary: Joomla characters’s injection.
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Web Application Packages Maintainers
URL: http://www.0x656d67.org/2006/10/02/jo...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-03 03:41 UTC by Emanuele Gentili
Modified: 2006-10-06 02:23 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Emanuele Gentili 2006-10-03 03:41:33 UTC 
In the Joomla survey modules, there is a little problem that originates character injections.

http://www.site.dom/index.php?option=com_poll&task=results&id=18&mosmsg=messages

You can edit
Comment 1 Emanuele Gentili 2006-10-03 03:41:33 UTC 
In the Joomla survey modules, there is a little problem that originates character injections.

http://www.site.dom/index.php?option=com_poll&task=results&id=18&mosmsg=messages

You can edit messages and insert what you prefer; 
Module capture it and show the messages in the page.

Try it:
http://www.slacky.it/index.php?option=com_poll&task=results&id=18&mosmsg=TEST
(my friend website)


http://demo.joomla.org/ Vulnerable too.
Comment 2 Tavis Ormandy (RETIRED) gentoo-dev 2006-10-03 03:45:06 UTC 
doesnt look like there's any xss there, so this doesnt look like a security issue, reassigning to maintainer...
Comment 3 Emanuele Gentili 2006-10-03 03:46:43 UTC 
(In reply to comment #1)
> doesnt look like there's any xss there, so this doesnt look like a security
> issue, reassigning to maintainer...
> 

Sure isnt XSS but bad coding that originates charaters injection.
Comment 4 Emanuele Gentili 2006-10-03 04:28:40 UTC 
CMS usually use Global Active Var..

Joomla used mosmsg only for survey modules, and i think this alpha-patch:

$mosmsg='Thanks for your vote!';
Comment 5 Renat Lumpau (RETIRED) gentoo-dev 2006-10-03 21:01:52 UTC 
please report upstream
Comment 6 Emanuele Gentili 2006-10-04 11:37:34 UTC 
(In reply to comment #4)
> please report upstream
> 

Joomla Dev. contacted. :)
Comment 7 Sam Moffatt 2006-10-05 19:26:41 UTC 
slacky.it doesn't appear to be a Joomla! site but a Mambo site, can you please verify what version of Joomla! that they are running and also check that they are running the latest version of Joomla!

In addition, I do not seem to be able to validate this. I used the following URL:
http://demo.joomla.org/index.php?option=com_poll&task=results&id=14&mosmsg=XSS

Kind Regards,
Sam Moffatt,
Joomla! Core Developer
Comment 8 Emanuele Gentili 2006-10-06 02:23:40 UTC 
(In reply to comment #6)
> slacky.it doesn't appear to be a Joomla! site but a Mambo site, can you please
> verify what version of Joomla! that they are running and also check that they
> are running the latest version of Joomla!
> 
> In addition, I do not seem to be able to validate this. I used the following
> URL:
> http://demo.joomla.org/index.php?option=com_poll&task=results&id=14&mosmsg=XSS
> 
> Kind Regards,
> Sam Moffatt,
> Joomla! Core Developer
> 


It's ok.

Now isnt bugged but first yes.
I tryed it some times ago in demo.joomla.org and i remember that bug worked.

see http://www.zone-h.org/component/option,com_poll/task,results/id,19/?mosmsg=VULN