JoomlaXi persistent XSS vulnerabilities

  DISCLAIMER:
  The author bears no responsibility for the misuse of the exploit.
  The exploit is published here, for the educational purpose of how
  to find persistent XSS vulnerabilities in a web application.
  Misuse of Exploits for illegal purpose is a crime and punishable
  under law.
------------------------------------------------------------------------
  JoomlaXi persistent XSS vulnerabilty
  vendor: www.joomlaxi.com
  Author: 3psil0nLambDa
  Google dork: © 2008-2010 JoomlaXi.

Description about the CMS

JoomlaXi enrich web applications that facilitate interactive 
information sharing, interoperability, user-centered design, 
and collaboration on the World Wide Web.We are committed to 
develop most demanded and required applications in the field 
of Open Source. JoomlaXi was founded for breaking new ground
and giving best solution to this world.

JoomlaXi, A team since 2009, breaking its own limits every time
has a large list of satisfied customers. Team has young, dynamic
& talented team that drives the company passionately towards its
goal.

Persistent XSS vulnerability

Event module in the front end,  persistent XSS vulnerability

Exploit: "%3E%3CIFRAME SRC="javascript:alert('XSS');"%3E%3C%2FIFRAME%3E

Example: Front end demo-> markmessier->events-> type the above tags in 
the input fields and save the event-> View profile 

you ll see a pop up ;) \m/

Thanks to side-effects for his valuable guidance and greets to taashu 
for her love and support.

Cheers \m/
Until Next time 3psil0nLamBdA signing off
Advertisements

Posted on June 25, 2011, in Uncategorized. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: