exploit-db-mirror/exploits/php/webapps/14293.txt

        =======================================================
         Minify4Joomla Upload and Persistent XSS Vulnerability
        =======================================================

Name :  Minify4Joomla Upload and Persistent XSS Vulnerability
Date : july 9,2010
Critical Level 	: HIGH
vendor URL :http://waltercedric.com/
Author : Sid3^effects aKa HaRi
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description

Minify4Joomla combines, minifies, and caches JavaScript and CSS files on demand to speed up page loads. Minify (BSD license) is a PHP5 app that can combine multiple CSS or JavaScript files, compress their contents

######################################################################################################
Xploit :Upload Vulnerability

Step 1 : Register :D

Step 2 : Submit your article which has your evil script :P
 Demo Url :http://website/index.php?option=com_content&view=article&layout=form&Itemid=51

Step 3 : Now check your article..
#######################################################################################################
Xploit: Persistent XSS Vulnerability

Attack pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>

1.The attacker can insert xss scripts in the article section..
2.To submit your evil xss register and then go and submit your article

Demo url : http://website/index.php?option=com_content&view=article&layout=form&Itemid=51

3.Now  check your article
#######################################################################################################
# 0day no more
# Sid3^effects