CVE-2013-7429
📋 TL;DR
This vulnerability lets unauthenticated remote attackers inject XML through the url parameter of plugin_googlemap2_proxy.php, the server-side proxy script shipped with the Googlemaps plugin for Joomla! (versions before 3.1). The script passes the attacker-controlled url value into the plugin's XML handling without validation, so whatever the server-side XML parser is willing to do with injected markup and entities (and whatever the proxy is willing to fetch) is exposed to anyone who can reach the script. Affects any Joomla! site with a vulnerable version of the plugin installed, even if no page currently embeds a map, because the proxy script is reachable directly.
💻 Affected Systems
- Googlemaps plugin for Joomla!
📦 What is this software?
Googlemaps by Mapsplugin (mapsplugin.com): a Joomla! content plugin that embeds Google Maps in articles. It ships a server-side helper script, plugin_googlemap2_proxy.php, that fetches remote content on behalf of the page; that script is the vulnerable component.
⚠️ Risk & Real-World Impact
Worst Case
Server-side processing of attacker-supplied XML through an unauthenticated, directly reachable proxy script. The practical ceiling depends on how the XML parser behind the proxy is configured (in particular whether it resolves external entities) and on what the web server can reach over the network; a site that resolves external entities turns this into disclosure of local files and internal services.
Likely Case
Information disclosure through responses the proxy returns for attacker-chosen input, and use of the script to fetch URLs the attacker selects with the web server's network position.
If Mitigated
Minimal if the plugin is at 3.1 or later, or the proxy script is blocked at the web server, and PHP's XML parser is not permitted to load external entities.
🎯 Exploit Status
Trivial to trigger: a single unauthenticated GET to plugin_googlemap2_proxy.php with a crafted url parameter. Details were published on the Full Disclosure list in July 2013 (see References); the vendor released 3.1 in response.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.1 and later
Vendor Advisory: http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html
Restart Required: No
Instructions:
1. Log into the Joomla! administrator panel
2. Download the Googlemaps 3.1 (or later) package from the vendor site, then go to Extensions > Manage > Install and upload it; the installer upgrades the existing plugin in place. If the plugin is registered with Joomla!'s update system, Extensions > Manage > Update will offer it instead.
3. Confirm under Extensions > Plugins that the Googlemaps plugin now reports version 3.1 or later and is still enabled
4. Clear the Joomla! cache (System > Clear Cache)
🔧 Temporary Workarounds
Disable plugin (all platforms)
Temporarily disable the Googlemaps plugin (Extensions > Plugins) until patching is possible. Note that disabling the plugin in Joomla! does not remove plugin_googlemap2_proxy.php from disk; the script is still reachable by direct URL, so combine this with the web server block below.
Block access to vulnerable file (Linux / any web server)
Use the web server configuration to deny direct requests to plugin_googlemap2_proxy.php. Both examples return 403 to every client.
# Apache: add to .htaccess in the plugin directory (requires AllowOverride Limit or All),
# or put the block in the vhost config.
<Files "plugin_googlemap2_proxy.php">
    # Apache 2.4 syntax
    Require all denied
    # Apache 2.2 syntax (use instead of the line above on 2.2)
    # Order Allow,Deny
    # Deny from all
</Files>
# Nginx: add to the server block. Regex locations are matched in order, so this
# must appear BEFORE the generic "location ~ \.php$" block that hands requests
# to PHP-FPM, or it will never match.
location ~* plugin_googlemap2_proxy\.php$ {
    deny all;
}
🧯 If You Can't Patch
- Add a web application firewall (WAF) rule for requests to plugin_googlemap2_proxy.php that rejects a url parameter containing XML markup or entities (<, >, &, also in percent-encoded form) or a scheme other than http/https; blocking the script outright is simpler and loses nothing if no page relies on the proxy
- Make sure PHP's XML parser does not load external entities (for example libxml_disable_entity_loader(true) on PHP versions that still need it), so injected markup cannot be used to read local files
- Restrict file system permissions so the web server user can read only what the site needs
🔍 How to Verify
Check if Vulnerable:
In the Joomla! administrator panel open Extensions > Plugins (Extensions > Manage on older installs) and search for "Googlemap". If the reported version is below 3.1, the site is vulnerable. Also check on disk: any copy of plugin_googlemap2_proxy.php left behind by an old install is reachable even if the plugin is disabled or was "uninstalled" by hand.
Check Version:
# Joomla! admin panel: Extensions > Plugins > Googlemaps plugin details (version column)
# On disk: the plugin's manifest XML, next to plugin_googlemap2_proxy.php, carries a <version> element
Verify Fix Applied:
Confirm the Googlemaps plugin reports version 3.1 or higher in the Joomla! extensions manager, and confirm a direct request to plugin_googlemap2_proxy.php from outside the site is either served by the fixed version or answered with 403 if you applied the web server block.
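The on-disk check described above, as an added example (this is not code from the page or from Mapsplugin). It walks a Joomla! document root, finds every copy of plugin_googlemap2_proxy.php, reads the <version> element from the Joomla! manifest XML in the same directory, and flags copies below 3.1 or with no manifest at all. The directory layout in the constructed sample tree (plugins/<group>/plugin_googlemap2/) and the manifest file name are assumptions; only the proxy script name and the fixed version come from the advisory.

```python
"""Find vulnerable copies of the Googlemaps proxy script in a Joomla! install.

Added example, not code from the page or from Mapsplugin. Assumptions: the
plugin's Joomla! manifest XML sits beside plugin_googlemap2_proxy.php and
carries the standard <version> element; the sample tree is constructed.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

PROXY_FILE = "plugin_googlemap2_proxy.php"   # from the advisory
FIXED_VERSION = (3, 1)                        # first fixed release per vendor advisory


def parse_version(text):
    """Turn '2.16', '3.1' or '3.1.0-rc1' into a comparable tuple of ints."""
    parts = re.findall(r"\d+", text.split("-")[0])
    return tuple(int(p) for p in parts) if parts else (0,)


def manifest_version(plugin_dir):
    """Return the <version> text from the first Joomla! manifest XML in plugin_dir, else None."""
    for name in sorted(os.listdir(plugin_dir)):
        if not name.endswith(".xml"):
            continue
        try:
            root = ET.parse(os.path.join(plugin_dir, name)).getroot()
        except ET.ParseError:
            continue
        # Joomla! 1.6+ manifests use <extension>, 1.5 used <install>
        if root.tag not in ("extension", "install"):
            continue
        ver = root.find("version")
        if ver is not None and ver.text:
            return ver.text.strip()
    return None


def find_vulnerable_proxies(joomla_root):
    """List (path, version, vulnerable) for every copy of the proxy script under joomla_root.

    A copy with no readable manifest is reported as vulnerable: it is still
    reachable by URL and its version cannot be proven safe.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(joomla_root):
        if PROXY_FILE in files:
            ver = manifest_version(dirpath)
            vulnerable = ver is None or parse_version(ver) < FIXED_VERSION
            findings.append((os.path.join(dirpath, PROXY_FILE), ver, vulnerable))
    return findings


def build_sample_tree():
    """Constructed sample install: one old (2.16) and one patched (3.1) plugin copy."""
    root = tempfile.mkdtemp(prefix="joomla_")
    for group, version in (("content", "2.16"), ("system", "3.1")):
        d = os.path.join(root, "plugins", group, "plugin_googlemap2")  # assumed layout
        os.makedirs(d)
        with open(os.path.join(d, PROXY_FILE), "w") as fh:
            fh.write("<?php // proxy stub for the sample tree\n")
        with open(os.path.join(d, "plugin_googlemap2.xml"), "w") as fh:
            fh.write('<?xml version="1.0"?>\n'
                     f'<extension type="plugin" group="{group}" method="upgrade">'
                     f"<name>Googlemaps</name><version>{version}</version></extension>\n")
    return root


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for path, ver, vuln in find_vulnerable_proxies(target):
        print(f"{'VULNERABLE' if vuln else 'ok        '}  version={ver or 'unknown'}  {path}")
```

Run it with the document root as the first argument (for example `python3 check_googlemaps.py /var/www/html`); with no argument it scans the constructed sample tree. Any line marked VULNERABLE is a script copy that should be updated or blocked at the web server.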
📡 Detection & Monitoring
Log Indicators:
- Requests to plugin_googlemap2_proxy.php whose url parameter carries XML markup or entities, usually percent-encoded (%3C and %3E for < and >, %26 for &), or double-encoded (%253C) to evade naive filters
- url parameter values using a scheme other than http/https (file:, php:, and similar), or pointing at hosts other than Google's map services
- File access attempts by the web server user outside the plugin and Joomla! directories
Network Indicators:
- HTTP GET requests to the proxy endpoint from scanners or scripted clients (curl/python user agents, many requests from one source) containing XML entities, local file paths, or arbitrary external URLs in the url parameter
SIEM Query:
web.url="*plugin_googlemap2_proxy.php*" AND (web.query="*url=*%3C*%3E*" OR web.query="*url=*file:*" OR web.query="*url=*http:*")
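The same detection logic applied to raw access logs, as an added example that is not part of the original page. It parses combined-format Apache/nginx lines, extracts the url parameter for hits on plugin_googlemap2_proxy.php, and percent-decodes it repeatedly so that encoded and double-encoded markup is caught, which a literal match on %3C alone would miss. The allowed-host list for legitimate proxy targets and the log lines are constructed for the demonstration.

```python
"""Flag suspicious requests to plugin_googlemap2_proxy.php in web access logs.

Added example, not code from the page. Assumptions: combined log format,
and that legitimate use of the proxy only targets Google map hosts (the
ALLOWED_HOSTS list). SAMPLE_LOG is constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

PROXY = "plugin_googlemap2_proxy.php"
ALLOWED_HOSTS = ("maps.google.com", "maps.googleapis.com")  # assumption
# client - - [time] "METHOD target HTTP/x" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_fully(value, rounds=3):
    """Percent-decode until stable so %253C (double-encoded '<') is still seen as '<'."""
    for _ in range(rounds):
        new = unquote(value)
        if new == value:
            break
        value = new
    return value


def classify_url_param(raw):
    """Return the reasons a url= value looks like XML injection or proxy abuse (empty if benign)."""
    value = decode_fully(raw)
    reasons = []
    if "<" in value or ">" in value:
        reasons.append("xml-markup")
    if re.search(r"&#?\w+;", value):
        reasons.append("xml-entity")
    try:
        parts = urlsplit(value)
    except ValueError:
        return reasons + ["unparseable"]
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        host = (parts.hostname or "").lower()
        if host not in ALLOWED_HOSTS and not host.endswith((".google.com", ".googleapis.com")):
            reasons.append("external-host")
    elif scheme:
        reasons.append(f"scheme:{scheme}")   # file:, php:, gopher:, data:, ...
    return reasons


def scan_line(line):
    """Return (client_ip, decoded url value, reasons) for a suspicious proxy hit, else None."""
    m = LINE_RE.match(line)
    if not m or PROXY not in m.group("target"):
        return None
    query = urlsplit(m.group("target")).query
    for raw in parse_qs(query, keep_blank_values=True).get("url", []):
        reasons = classify_url_param(raw)
        if reasons:
            return (m.group("ip"), decode_fully(raw), reasons)
    return None


def scan_log(lines):
    """Run scan_line over an iterable of log lines and keep the hits, in order."""
    return [hit for hit in map(scan_line, lines) if hit]


# Constructed sample log: one legitimate map fetch, three probes, one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jul/2013:12:00:01 +0000] "GET /plugins/content/plugin_googlemap2/plugin_googlemap2_proxy.php?url=http://maps.google.com/maps?q=Paris&output=kml HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jul/2013:12:00:02 +0000] "GET /plugins/content/plugin_googlemap2/plugin_googlemap2_proxy.php?url=%3C%3Fxml%20version%3D%221.0%22%3F%3E%3Ca%3Ex%3C/a%3E HTTP/1.1" 200 120 "-" "curl/7.30"
198.51.100.7 - - [10/Jul/2013:12:00:03 +0000] "GET /plugins/content/plugin_googlemap2/plugin_googlemap2_proxy.php?url=file:///etc/passwd HTTP/1.1" 200 1402 "-" "curl/7.30"
198.51.100.7 - - [10/Jul/2013:12:00:04 +0000] "GET /plugins/content/plugin_googlemap2/plugin_googlemap2_proxy.php?url=%253Cfoo%253E HTTP/1.1" 200 90 "-" "curl/7.30"
192.0.2.9 - - [10/Jul/2013:12:00:05 +0000] "GET /index.php?option=com_content&view=article&id=1 HTTP/1.1" 200 5000 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for ip, value, reasons in scan_log(SAMPLE_LOG.splitlines()):
        print(f"{ip}  {','.join(reasons):<20}  url={value!r}")
```

Pipe a real log through it with `scan_log(open("/var/log/apache2/access.log"))`. The third sample probe is the one a literal `%3C` match in the SIEM query would miss; decoding twice before matching is what catches it.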
🔗 References
- http://seclists.org/fulldisclosure/2013/Jul/158
- http://www.mapsplugin.com/Google-Maps/Documentation-of-plugin-Googlemap/security-release-3-1-of-plugin-googlemaps.html
- http://www.openwall.com/lists/oss-security/2015/02/26/11
- http://www.openwall.com/lists/oss-security/2015/02/26/4