Name : Joomla Health & Fitness Stats Persistent XSS Vulnerability
Date : july 12,2010
Critical Level : HIGH
vendor URL :http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description
To allow users of an Exercise & Fitness community site to be able to record their progress of various health and fitness measures such as body weight, blood pressure, number of press-ups in 60seconds, time for 1000m run etc. Goals can be set by the user which appear as red lines across the graph area. The user is also given the option to create 'custom stats' for which they can set the unit of measurement and whether best is highest or lowest.
This component also includes a Central Stats page which pulls together the most recent values of each user for each parameter and averages these for Male and Female users.
#######################################################################################################
Xploit: Persistent XSS Vulnerability
This vulnerability exists in the comments section.
1. Goto any of the option like HEALTH STATS,FITNESS STATS or CUSTOM STATS
2. Select Add/Update option and insert your xss script :)
3. Once inserted goto Edit records and check your xss :P
Attack Pattern:">><marquee><h1>XSS3d by Sid3^effects</h1><marquee>
DEMO URL : http://<site>/jcomponents/healthstats/statistics-demo