Tuesday, 22 January 2013

Joomla Incapsula Component <= 1.4.6_b Reflected Cross-Site Scripting Vulnerability

Vendor: Incapsula Inc.
Product web page: http://www.incapsula.com
Affected version: 1.4.6_b and bellow

Summary: Once installing the Incapsula for Joomla component, simply
make the provided DNS changes and within minutes your website traffic
will be seamlessly routed through Incapsula’s globally distributed
network of POPs.

Desc: The Joomla Incapsula component suffers from a XSS issue due
to a failure to properly sanitize user-supplied input to the 'token'
GET parameter in the 'Security.php' and 'Performance.php' scripts.
Attackers can exploit this weakness to execute arbitrary HTML and
script code in a user's browser session.


22: <a href="https://my.incapsula.com/billing/selectplan?token=
<?php echo $_GET['token']; ?> target="_blank" class="IFJ_link">
Click here</a> to upgrade your account


22: <a href="https://my.incapsula.com/billing/selectplan?token=
<?php echo htmlentities($_GET['token']); ?>" target="_blank"
class="IFJ_link">Click here</a> to upgrade your account


Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.4
MySQL 5.5.25a

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2013-5121
Advisory URL: http://www.zeroscience.mk/en/vulnerabili...3-5121.php



1 comment:

  1. By the time the mechanic was finished it was time to pick the boys up from practice and bring them home again (this time without
    the diaper). Every 1 degree you reduce the temperature cuts your energy
    consumption by 5 to 10 percent. It is illegal
    to resell or attempt to resell a recalled consumer

    My web-site; space heater