Re: Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Fri, 14 Jan 2011 02:43:23 +0800
Niels Braczek from Germany Joomla! Community has released a patch:
It uses the same Joomla! filtering function and thus it's supposed to be safe.
For your convenience, download the patched file from
Joomla! 1.0.x ~ 1.0.15 | Cross Site Scripting (XSS) Vulnerability
The Joomla! 1.0.x series is currently vulnerable to Cross Site Scripting.
A CVE ID, CVE-2011-0005, has been assigned to it.
Joomla! is a free and open source content management system (CMS) for
publishing content on the World Wide Web and intranets.
3. VULNERABILITY DESCRIPTION
The "ordering" parameter in a core module, com_search, is not properly
sanitized and is thus vulnerable to XSS.
By leveraging this vulnerability, attackers can compromise a currently
logged-in user/administrator session and impersonate arbitrary user
actions available under /administrator/ functions. As the
vulnerability is based on the core module, it affects both classic and
customized Joomla! 1.0.x based web sites.
4. VERSIONS AFFECTED
Joomla! 1.0.x ~ 1.0.15 series
The Joomla! 1.0.x series has been at end of life since 2009-07-22.
Upgrade to Joomla! 1.5.x family (1.5.22 as of 2011-01-06)
Apply the third-party patch:
Joomla! Developer Team
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.
9. DISCLOSURE TIME-LINE
2011-01-03: notified Joomla! Security Strike Team regardless of EOL status
2011-01-06: vulnerability disclosed
2011-01-07: vendor confirmed that they would not release patch
10. VENDOR RESPONSE
While noted, your exploit report does not fall within the JSST remit as
we no longer support J1.0.x branch (as you are aware and indicate).
The vulnerability mentioned is not known to exist in any current supported release.
Please ensure you are using the latest version of Joomla!
Original Advisory URL:
Patched File: http://yehg.net/lab/pr0js/advisories/joomla/core/patched_com_search.zip
Joomla! 1.0.x End of Life -
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
#updated - 2011-01-14
- added patched link
#updated - 2011-01-07
- added VENDOR RESPONSE, CVE ID
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
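
Added example, not part of the original advisory or of Joomla!: a log triage script for sites still running 1.0.x, which flags com_search requests whose "ordering" value falls outside an allowlist. The allowlist values, function names and sample log lines are assumptions constructed for illustration; adjust the allowlist to what your search form actually submits.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: ordering values a stock search form submits; adjust to your site.
ALLOWED_ORDERING = {"newest", "oldest", "popular", "alpha", "category"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_ordering(line):
    """Return the decoded 'ordering' value if the line is a com_search
    request whose ordering is outside the allowlist, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "com_search" not in query.get("option", []):
        return None
    for value in query.get("ordering", []):
        if value.strip().lower() not in ALLOWED_ORDERING:
            return value
    return None

def triage(lines):
    """Return (client_ip, decoded_value) for every flagged log line."""
    hits = []
    for line in lines:
        value = suspicious_ordering(line)
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits

# Constructed sample log lines (not taken from the advisory).
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Jan/2011:02:43:23 +0800] "GET /index.php?option=com_search&searchword=news&ordering=newest HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jan/2011:02:44:01 +0800] "GET /index.php?option=com_search&searchword=a&ordering=newest%22%3E%3Cx%3E HTTP/1.1" 200 5231',
    '203.0.113.9 - - [14/Jan/2011:02:44:05 +0800] "GET /index.php?option=com_content&ordering=%3Cx%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, value in triage(SAMPLE_LOG):
        print(f"{ip}\tordering={value!r}")
```

Access logs record only the query string, so searches submitted by POST need the same check applied at a proxy or WAF that can see the request body.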