<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>Joomla Component com_socialads Persistent Xss Vulnerability</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>===========================================================
Joomla Component com_socialads Persistent Xss Vulnerability
===========================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /’ __ /’__` / __ /’__` 0
0 /_, ___ /_/_ ___ ,_/ / _ ___ 1
1 /_/ /’ _ ` / /_/__&lt;_ /’___ / /`’__ 0
0 / / / / __/ _ _ / 1
1 _ _ __ ____/ ____\ __\ ____/ _ 0
0 /_//_//_/ _ /___/ /____/ /__/ /___/ /_/ 1
1 ____/ &gt;&gt; Exploit database separated by exploit 0
0 /___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I’m Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Joomla com_socialads Persistent Xss Vulnerability
Date : july 3,2010
Critical Level : HIGH
vendor URL :http://techjoomla.com/
Author : Sid3^effects aKa HaRi &lt;shell_c99[at]yahoo.com&gt;
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz
#######################################################################################################
Description:
With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows

advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by

impressions or per click, Pay online &amp; get the advertisement started up right away !

#######################################################################################################
Xploit : Persistent Xss Vulnerability

Step 1: Register :D

Step 2: Goto to the option called &quot;MANAGE YOUR ADS&quot;

Step 3: In the ads description the attacker can post xss scripts

DEMO URL :http://techjoomla.com/demos/js/index.php?option=com_socialads&amp;view=showad&amp;Itemid=94

Attack Pattern :&quot;&gt;&gt;&lt;marquee&gt;&lt;h1&gt;XSS3d By Sid3^effects&lt;/h1&gt;&lt;marquee&gt;

Steap 4: Now check your ads :P

DEMO URL :http://techjoomla.com/demos/js/index.php?option=com_socialads&amp;view=adsummary&amp;Itemid=94&amp;adid=23
###############################################################################################################
# 0day no more
# Sid3^effects

# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-03]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/13100