Ad Network Script Persistent XSS Vulnerability
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><title>Ad Network Script Persistent XSS Vulnerability</title></head><body><pre>==============================================
Ad Network Script Persistent XSS Vulnerability
==============================================
[+] Site : Inj3ct0r.com (exploit database separated by exploit type: local, remote, DoS, etc.)
[+] Support e-mail : submit[at]inj3ct0r.com
I’m Sid3^effects, member of Inj3ct0r Team
Name : Ad Network Script Persistent XSS Vulnerability
Date : July 14, 2010
Critical Level : HIGH
Vendor URL : http://www.kaonsoftwares.com/
Price : 330 EUR :O
Author : Sid3^effects aKa HaRi
Special thanks to : r0073r (inj3ct0r.com), L0rd CruSad3r, MaYur, MA1201, KeDar, Sonic, gunslinger_
Greetz to : www.topsecure.net, all ICW members and my friends
luv y0 guyz
#######################################################################################################
Description:
Ad Network Script is developed in PHP and uses a MySQL database. It lets you run your own ad network similar to
adengage.com or adbrite.com. Features include multiple currency support, multiple language support, categories, and more.
#######################################################################################################
Xploit: Persistent XSS Vulnerability
Step 1: Register.
Step 2: Now go to the directory.
DEMO URL : http://products.kaonsoftwares.com/adbrite-clone/directory.php
You will find various sites listed. Select any one and there you will see "BUY ADS".
The XSS vulnerability is in the following options:
1. Ad Text
2. Ad Headline
Insert your XSS script in the above options.
Attack pattern : ">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>
DEMO URL : http://www.adnetworkscript.com/buy-ads.php
#######################################################################################################
# 0day no more
# Sid3^effec
# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-14]</pre></body></html>
Source: http://inj3ct0r.com/exploits/13339
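
Mitigation for the two fields the advisory names (Ad Text and Ad Headline), shown as an added example that is not the vendor's code: a stored value rendered without encoding beside the same value encoded at output time. The function names, array keys and markup are assumptions, since the advisory does not show the script's source.

```php
<?php
declare(strict_types=1);

// Constructed sample record: what a buyer could have stored in the two
// fields. The headline is the advisory's own test string.
$storedAd = [
    'headline' => '">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>',
    'text'     => 'Plain ad copy & a "quoted" phrase',
];

// Vulnerable pattern (assumed): stored values are concatenated into markup,
// so any HTML in them is parsed by every visitor's browser.
function renderAdUnsafe(array $ad): string
{
    return '<div class="ad"><h3>' . $ad['headline'] . '</h3><p>' . $ad['text'] . '</p></div>';
}

// Encode for the HTML context at output time. ENT_QUOTES covers both quote
// characters, so the helper is also safe inside quoted attribute values.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every stored field passes through e() before output.
function renderAdSafe(array $ad): string
{
    return '<div class="ad"><h3>' . e($ad['headline']) . '</h3><p>' . e($ad['text']) . '</p></div>';
}

// Input-side check (defence in depth, not a substitute for encoding):
// bound the length in bytes and reject control characters before storing.
function validateAdField(string $value, int $maxBytes): bool
{
    return $value !== ''
        && strlen($value) <= $maxBytes
        && preg_match('/[\x00-\x1F\x7F]/', $value) !== 1;
}

echo renderAdUnsafe($storedAd), PHP_EOL; // markup from the field reaches the page
echo renderAdSafe($storedAd), PHP_EOL;   // field is shown as literal text
```

Encoding belongs at every place the stored ad is displayed (directory listing, publisher pages, admin review), because a persistent value is rendered to each of those audiences.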
