Ad Network Script Persistent XSS Vulnerability
Posted on 14 July 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Ad Network Script Persistent XSS Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================== Ad Network Script Persistent XSS Vulnerability ============================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' __ /'__` / \__ /'__` 0 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 0 / / / / \__/ \_ \_ / 1 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 1 \____/ >> Exploit database separated by exploit 0 0 /___/ type (local, remote, DoS, etc.) 1 1 1 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name : Ad Network Script Persistent XSS Vulnerability Date : july 14,2010 Critical Level : HIGH vendor URL :http://www.kaonsoftwares.com/ Price:330EUR :O Author : Sid3^effects aKa HaRi special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: Ad Network Script is developed in PHP and uses a MySQL database. Ad Network Script allows you to run your own ads network similar to adengage.com or adbrite.com. Features mutliple currency support, mulitple language support, categories, and more ####################################################################################################### Xploit: Persistent XSS Vulnerability Step 1: Register :P Step 2 : NOw goto directory DEMO URL :http://products.kaonsoftwares.com/adbrite-clone/directory.php YOu will find various sites listed .select any one and there you will see "BUY ADS" The xss vuln is in the following options 1.Ad Text 2.Ad Headline Insert ur xss script in the above options Attack pattern : ">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> DEMO URL :http://www.adnetworkscript.com/buy-ads.php ####################################################################################################### # 0day no more # Sid3^effec # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-14]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
