[Full-disclosure] New vulnerabilities in Joomla
mustlive at websecurity.com.ua
Fri Dec 10 18:51:33 GMT 2010
I want to warn you about Insufficient Anti-automation, Abuse of
Functionality and Cross-Site Scripting vulnerabilities in Joomla.
Vulnerabilities exist in component com_mailto, which is a core component
Vulnerable are all versions of Joomla with corresponding functionality
(Joomla! 1.5.22 and previous versions). XSS vulnerabilities are lacking in
Joomla! 1.5.21 and 1.5.22 (security site, where I found these
vulnerabilities, is using old version of Joomla), so they exist in more
earlier versions of the system.
In details about such Insufficient Anti-automation and Abuse of
Functionality vulnerabilities it's possible to read in my article Sending
spam via sites and creating spam-botnets
Insufficient Anti-automation (WASC-21):
There is no protection at the page from automated requests (captcha). The
time-out is using for protection in the system, but it's easily bypassing.
Abuse of Functionality (WASC-42):
It's possible to send spam to arbitrary e-mails (it's possible to spoof all
important fields, and also to spoof URL in Joomla before 1.5.7). And with
using of Insufficient Anti-automation vulnerability it's possible to send
spam from the site in automated manner on a large scale.
POST request at page http://site/component/mailto/?tmpl=component&link=1
In fields: E-mail to, Sender, Your E-mail, Subject.
2010.09.21 - announced at my site.
2010.09.23 - informed developers.
2010.12.09 - disclosed at my site.
I mentioned about these vulnerabilities at my site
Best wishes & regards,
Administrator of Websecurity web site
Full-Disclosure is hosted and sponsored by Secunia.