This exploit leverages an XSS vulnerability in Joomla 1.6.3 to execute a CSRF attack, creating a superuser account with predefined credentials. The JavaScript payload automates form submission in the Joomla administrator interface.
Classification
Working Poc 90%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target:Joomla 1.6.3
No auth needed
Prerequisites:Victim must visit a crafted URL containing the XSS payload · Attacker must host the malicious JavaScript file on an external server