=======================================================
Minify4Joomla Upload and Persistent XSS Vulnerability
=======================================================
Name : Minify4Joomla Upload and Persistent XSS Vulnerability
Date : july 9,2010
Critical Level : HIGH
vendor URL :http://waltercedric.com/
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description
Minify4Joomla combines, minifies, and caches JavaScript and CSS files on demand to speed up page loads. Minify (BSD license) is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents
######################################################################################################
Xploit :Upload Vulnerability
Step 1 : Register :D
Step 2 : Submit your article which has your evil script :P
Demo Url :http://website/index.php?option=com_content&view=article&layout=form&Itemid=51
Step 3 : Now check your article..
#######################################################################################################
Xploit: Persistent XSS Vulnerability
Attack pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
1.The attacker can insert xss scripts in the article section..
2.To submit your evil xss register and then go and submit your article
Demo url : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51
3.Now check your article
#######################################################################################################
# 0day no more
# Sid3^effects
