Joomla Matukio Events 7.0.5 Cross Site Scripting ≈ Packet Storm – Digitalmunition


Published on March 9th, 2021



# Exploit Title: Joomla Matukio Events 7.0.5 Stored XSS
# Date: 08.03.2021
# Author: Vincent666 ibn Winnie
# Software Link:
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# My Youtube Channel :
# Google Dorks: inurl:option=com_matukio


I found a simple but interesting stored XSS in Matukio Events.

Press “Book Now”:

The “Comments” field is vulnerable to XSS and HTML code injection.

Enter XSS code and save it. It works with different payloads.

The code I like for the test:


Example on another site


User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Content-Type: multipart/form-data;
Content-Length: 2816
Connection: keep-alive
Cookie: d9122e5739e92113272e5173db43cd67=72qdv1oufsi2avknr7614genno; _ga=GA1.2.90714308.1615201744; _gid=GA1.2.178258541.1615201744
Upgrade-Insecure-Requests: 1

nrbooked=1&coupon_code=&field[3]=Mr&field[4]=&field[5]=azsxc&field[6]=ASD&field[8]=azsxc&field[9]=112233&field[10]=Zasx&field[11]=algeria&field[13][email protected]&field[14]=&field[15]=&field[16]=&field[17]=
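
A stored XSS in a field such as “Comments” is closed by treating the saved text as data wherever it is rendered. The following is an added example, not Matukio's code and not part of the advisory; the function names and the sample comment are hypothetical and constructed, and it assumes the mbstring extension is loaded.

```php
<?php
// Added example: hypothetical helpers, not taken from the Matukio code base.

/** Validate a free-text booking comment before it is stored. */
function normalize_comment(string $raw, int $maxLen = 2000): string
{
    // Reject invalid UTF-8 so broken byte sequences never reach the encoder.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        throw new InvalidArgumentException('comment is not valid UTF-8');
    }
    // Drop control characters except tab, LF and CR; keep the text as typed.
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/u', '', $raw);
    return mb_substr(trim($clean), 0, $maxLen, 'UTF-8');
}

/** Encode for an HTML text or quoted-attribute context at output time. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: stored text is concatenated into the page as markup. */
function render_comment_unsafe(string $stored): string
{
    return '<td class="comment">' . $stored . '</td>';
}

/** Hardened pattern: the same stored text is rendered as visible characters. */
function render_comment_safe(string $stored): string
{
    // Encode first, then turn newlines into <br /> so only our own tag is live.
    return '<td class="comment">' . nl2br(e($stored)) . '</td>';
}

// Constructed sample: harmless markup typed into the "Comments" field.
$stored = normalize_comment("<b>see you there</b> \"quoted\" & more\nsecond line");

echo render_comment_unsafe($stored), PHP_EOL; // the <b> element is parsed as markup
echo render_comment_safe($stored), PHP_EOL;   // the same characters arrive as text
```

Encoding belongs in every view that prints the comment, including the administrator booking list and any notification e-mail rendered as HTML, because the stored value is shared by all of them.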


I don’t publicly test Joomla extensions anymore, but this time I
posted it publicly because I did XSS art on the NATO site in this
