source: http://www.securityfocus.com/bid/12803/info
phpAdsNew is reportedly affected by a remote cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
http://www.example.com/[phpAdsNew]/adframe.php?refresh=example.com'>[XSS code]
{"id": "EDB-ID:25225", "hash": "fa87cc18c83ac6dba6f241d459afdf4e", "type": "exploitdb", "bulletinFamily": "exploit", "title": "PHPAdsNew 2.0.4 AdFrame.PHP Cross-Site Scripting Vulnerability", "description": "PHPAdsNew 2.0.4 AdFrame.PHP Cross-Site Scripting Vulnerability. CVE-2005-0791. Webapps exploit for php platform", "published": "2005-03-14T00:00:00", "modified": "2005-03-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/25225/", "reporter": "Maksymilian Arciemowicz", "references": [], "cvelist": ["CVE-2005-0791"], "lastseen": "2016-02-03T00:54:49", "history": [], "viewCount": 1, "enchantments": {"score": {"value": 4.2, "vector": "NONE", "modified": "2016-02-03T00:54:49"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0791"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231017335"]}], "modified": "2016-02-03T00:54:49"}, "vulnersScore": 4.2}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/25225/", "sourceData": "source: http://www.securityfocus.com/bid/12803/info\r\n\r\nphpAdsNew is reportedly affected by a remote cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.\r\n\r\nhttp://www.example.com/[phpAdsNew]/adframe.php?refresh=example.com'>[XSS code] ", "osvdbidlist": ["14787"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.", "modified": "2017-07-11T01:32:00", "id": "CVE-2005-0791", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0791", "published": "2005-03-14T05:00:00", "title": "CVE-2005-0791", "type": "cve", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-11-26T15:24:22", "bulletinFamily": "scanner", "description": "phpAdsNew is an open-source ad server, with an integrated banner\n management interface and tracking system for gathering statistics. With phpAdsNew you can easily\n rotate paid banners and your own in-house advertisements. You can even integrate banners from\n third party advertising companies.\n\n The product has been found to contain two vulnerabilities:\n\n * Path disclosure vulnerability\n\n * Cross Site Scripting", "modified": "2019-11-22T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231017335", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231017335", "title": "phpAdsNew Multiple Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# phpAdsNew Multiple Vulnerabilities\n#\n# Authors:\n# Noam Rathaus\n#\n# Copyright:\n# Copyright (C) 2005 Noam Rathaus\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.17335\");\n script_version(\"2019-11-22T13:51:04+0000\");\n script_tag(name:\"last_modification\", value:\"2019-11-22 13:51:04 +0000 (Fri, 22 Nov 2019)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_cve_id(\"CVE-2005-0791\");\n script_bugtraq_id(12803);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"phpAdsNew Multiple Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_copyright(\"This script is Copyright (C) 2005 Noam Rathaus\");\n script_family(\"Web application abuses\");\n script_dependencies(\"find_service.nasl\", \"cross_site_scripting.nasl\", \"http_version.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n\n script_tag(name:\"impact\", value:\"An attacker may use the cross site scripting bug to perform phishing\n attacks.\");\n\n script_tag(name:\"summary\", value:\"phpAdsNew is an open-source ad server, with an integrated banner\n management interface and tracking system for gathering statistics. With phpAdsNew you can easily\n rotate paid banners and your own in-house advertisements. You can even integrate banners from\n third party advertising companies.\n\n The product has been found to contain two vulnerabilities:\n\n * Path disclosure vulnerability\n\n * Cross Site Scripting\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability.\n Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the\n product or replace the product by another one.\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port( default:80 );\nif( ! can_host_php( port:port ) )\n exit( 0 );\n\nforeach dir( make_list_unique( \"/\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n\n url = string( dir, \"/adframe.php?refresh=example.com'<script>alert(document.cookie)</script>\" );\n req = http_get( item:url, port:port );\n res = http_keepalive_send_recv( port:port, data:req );\n\n if( res =~ \"HTTP/1\\.. 200\" && \"content='example.com\\'><script>alert(document.cookie)</script>'>\" >< res ) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}
