Allembru Ad Manager version 3.0.2 suffers from a persistent cross site scripting vulnerability.
Advisory: Allembru Ad Manager 3.0.2 Persistent XSS Vulnerability
Version: 3.0.2
Vendor URL: http://www.allembru.com/
Demo Link: http://www.allembru.com/wp-content/demos/ad-manager-v3/
Author: Viknesvaran Sittaramane
Category: Webapp
Twitter: https://twitter.com/csvsn
~.~.~.~.~.~.~.~.~.~.~.
Product Description
~.~.~.~.~.~.~.~.~.~.~.
Ad Manager is a free and user-friendly PHP script that helps you manage, display, and track clicks on the banner ads of your affiliate marketing and advertising campaigns. With Ad Manager you can build multiple advertising campaigns of various ad sizes and display them anywhere on your web site.
~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.
Ad Manager by Allembru suffers from a persistent (stored) cross-site scripting vulnerability: the "Campaign name" field is stored and later rendered without output encoding, so script supplied in that field executes whenever the campaign is displayed.
~.~.~.~.~.~.
PoC-Exploit
~.~.~.~.~.~.
Step 1: Log in using the required credentials.
Step 2: Create a new campaign.
Step 3: Insert the malicious script into the "Campaign name" field and click Submit.
Step 4: Persistent cross-site scripting is confirmed.
Parameter used: '"--><script>alert(0x000872)</script>
~.~.~.~.~.~.~.~.~.~.
Disclosure Timeline
~.~.~.~.~.~.~.~.~.~.
14th January 2013 -> Vendor Notified