####################################### # Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities # Google Dork: N/A # Date: 17-04-2018 ####################################### # Exploit Author: Sureshbabu Narvaneni# ####################################### # Author Blog : http://nullnews.in # Vendor Homepage: https://www.joomsky.com # Software Link: https://extensions.joomla.org/extension/js-jobs/ # Affected Version: 1.2.0 # Category: WebApps # Tested on: Win7 Enterprise x86/Kali Linux 4.12 i686 # CVE : NA ####################################### 1. Vendor Description: JS Jobs for any business, industry body or staffing company wishing to establish a presence on the internet. JS Jobs allows you to run your own, unique jobs classifieds service where you or employer can advertise their jobs and job seekers can upload their Resumes. 2. Technical Description: The state changing actions in JS Jobs before 1.2.1 not having any random token validation which results in Cross Site Request Forgery Vulnerability. 3. Proof of Concept: Delete Job Entry [Super Admin Access] 4. Solution: Update to latest version https://extensions.joomla.org/extension/js-jobs/