Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities

[YGN Ethical Hacker Group <lists () yehg net>]

> Did you really test a code base that is a version of an old Joomla base
No

> or did you look at the code, and test old Joomla bugs against it?
No


The XSS results are from purely blackbox scan on Mambo 4.6.5.


Joomla (Joomla! 1.0.0) was released on September 16, 2005. It was a
re-branded release of Mambo 4.5.2.3 which, itself, was combined with
other bug and moderate-level security fixes.

> From that statement, it can be assumed that the code bases of Mambo
4.5.2.4 and higher  are different from those of Joomla! 1.1 and
higher.  As you can say so, we may sync old Joomla! 1.x bugs in Mambo
4.6.x. But it may be time-consuming to analyze the code changes and
validity of bugs in each version of both CMS.


https://secure.wikimedia.org/wikipedia/en/wiki/Joomla
http://www.joomla.org/announcements/general-news/154-introducing-joomla-10.html



> I thought these were found in Joomla ages ago?
No.


> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/