Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Letterman subscriber module XSS vulnerability
From: <edi.strosar () varnostne-novice com>
Date: Thu, 14 Jun 2007 13:51:56 -0400


=========================================================================
TeamIntell Security Advisory TISA2007-01
-------------------------------------------------------------------------
Letterman Subscriber Module "Itemid" Script Insertion 
Vulnerability
=========================================================================


Release Date:    14.06.2007
Severity:        Less critical
Impact:          Cross Site Scripting (XSS)
Status:          Official patch available
Software:        Letterman Subscriber Module 
(mod_letterman)
Developer:       http://www.thejfactory.com/
Disclosed:       Edi Strosar (TeamIntell)


-------------   
Description:
-------------

TeamIntell has reported a vulnerability in Letterman 
Subscriber Module (mod_letterman) for Joomla! CMS which 
can be exploited by malicious people to conduct script 
insertion attacks.

Input passed to the "Itemid" parameter in 
mod_lettermansubscribe.php is not properly sanitised 
before being used. This can be exploited to insert 
arbitrary HTML and script code in a user's browser session 
in context of an affected site.

The vulnerability is reported in version 1.2.4-RC1. Other 
versions may also be affected.


------------------
Proof of Concept:
------------------

http://localhost/index.php?option=com_letterman&task=view&id=1&Itemid=1";><script>alert(String.fromCharCode(88,83,83))</script>


----------
Solution:
----------
Developer has released version 1.2.5 which fixes this 
issue.


---------
Contact:
---------

Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: info () teamintell com


------------
Disclaimer:
------------

The content of this report is purely informational and 
meant for educational purposes only. Maldin d.o.o. shall 
in no event be liable for any damage whatsoever, direct or 
implied, arising from use or spread of this information. 
Any use of information in this advisory is entirely at 
user's own risk.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Letterman subscriber module XSS vulnerability edi.strosar (Jun 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault