Allembru Ad Manager version 3.0.2 suffers from a persistent cross site scripting vulnerability.
c17d6ba03ce68cb494b6af0d86c15683782964c178fa3803ff14b4d5f4ad75abAdvisory: Allembru Ad Manager 3.0.2 Persistent XSS Vulnerability
Version:3.0.2
Vendor URL: http://www.allembru.com/
Demo Link:http://www.allembru.com/wp-content/demos/ad-manager-v3/
Author: Viknesvaran Sittaramane
Category: Webapp
Twiiter: https://twitter.com/csvsn
~.~.~.~.~.~.~.~.~.~.~.
Product Description
~.~.~.~.~.~.~.~.~.~.~.
Ad Manager is a free and user friendly PHP language script that helps you manage, display, and track clicks to your affiliate marketing and advertising campaigns banner ads. With Ad Manager you can build multiple advertising campaigns of various ad sizes and display them anywhere on your web site.
~.~.~.~.~.~.~.~.~.~.~.
Vulnerability Description
~.~.~.~.~.~.~.~.~.~.~.
Ad Manager by Allembru suffers from Persistent Cross site Vulnerability
~.~.~.~.~.~.
PoC-Exploit
~.~.~.~.~.~.
Step1 : Login using the required credentials
Step2 : Create a New Campaign
Step3 : Insert the malicious script on field "Campaign name" and click submit.
Step4 : Persistent Cross site script is Confirmed
Parameter used : '"--><script>alert(0x000872)</script>
~.~.~.~.~.~.~.~.~.~.
Disclosure Timeline
~.~.~.~.~.~.~.~.~.~.
14th January 2013 -> Vendor Notified
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed