Acunetix WVS 8 Released Candidate Now Available!
Acunetix WVS 8 Released Candidate Now Available!
January 25, 2012 – 10:47 pm | No Comment
Read the full story »
releases

Acunetix Web Vulnerability Scanner Product Releases

docs & FAQs

Acunetix technical documentation and FAQ

news

Acunetix Company and Web Security news, & Press Releases

events

Acunetix Webinars, Events and Training around the world

web security zone

Everything you need to know about Web Security

Home » articles, web security zone

VIDEO: Exploiting a Cross Site Scripting vulnerability in Mambo CMS

Submitted by on April 13, 2010 – 6:53 pm5 Comments

In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5), discovered by Bogdan Calin with Acunetix Web Vulnerability Scanner.

This vulnerability is affecting a POST parameter in the Mambo CMS administration interface.  The attacker prepares a custom web page, which when the victim visits it, a form will be automatically submitted in the background, thus exploiting the vulnerability.  The form is hidden from the user in an iframe tag.

Once the victim, in this case a Mambo administrator visits this page, his cookie details are logged into a file, which the attacker can use to gain access to the Mambo CMS administration interface. Watch the full video for more in-depth details.

Click here for high resolution version.

Subscribe to the Acunetix YouTube channel to be automatically notified when new web security and Acunetix WVS videos are uploaded.

Be Sociable, Share!

5 Comments »

  • Week 15 in Review – 2010 | Infosec Events says:
    April 21, 2010 at 10:44 am

    [...] Exploiting a Cross Site Scripting vulnerability in Mambo CMS – acunetix.com In this video we look into the details of how an attacker is able to exploit a Cross Site Scripting vulnerability in Mambo CMS (version: 4.6.5). [...]

  • oab says:
    April 25, 2010 at 6:35 pm

    I don’t think I understand how this works.

    1) The victim is logged onto his mambo administration
    2) victim opens email with link and clicks the link
    3) The link contains a video and an Iframe

    What does the Iframe do? Does the Iframe contain a script that loops through the cookies on the victim’s browser and then finds the desired cookie and then passes the cookie onto the logger.php?

  • oab says:
    April 25, 2010 at 7:53 pm

    …and by the way – you say there’s a vulnerability in Mambo – but you never clarify on this – I think this is the part that confuses me: you never mention anything regarding a vulnerability in mambo.

  • Bogdan Calin says:
    April 26, 2010 at 2:46 pm

    @oab: Yes, the iframe prepares a form, including the XSS exploit in one of the parameters and submits that form. The XSS exploit will submit victim’s cookie to the logger.php file.
    Yes, I didn’t mentioned anything about the Mambo XSS vulnerability because I don’t want to directly help the script kiddies. However, all the information is there, in the video (including the vulnerable parameter). The XSS was submitted a few weeks ago to the Mambo team and was fixed since then.

  • News Exploiting a Cross Site Scripting vulnerability in Mambo CMS | Web 2.0 Designer says:
    May 4, 2010 at 11:36 am

    [...] Read more: Exploiting a Cross Site Scripting vulnerability in Mambo CMS [...]

Leave a comment!

Add your comment below, or trackback from your own site. You can also subscribe to these comments via RSS.

Be nice. Keep it clean. Stay on topic. No spam.

You can use these tags:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

This is a Gravatar-enabled weblog. To get your own globally-recognized-avatar, please register at Gravatar.