exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

PHPADSNEW-SA-2006-001.txt

PHPADSNEW-SA-2006-001.txt
Posted Apr 1, 2006
Authored by Matteo Beccati | Site phpadsnew.com

phpAdsNew and phpPgAds versions 2.0.7 and below suffer from multiple html injection and cross site scripting flaws.

tags | advisory, xss
SHA-256 | a793dcd9aecab47b9733118eb9d5787b238bd31ae7895adab51cebd13368c481

PHPADSNEW-SA-2006-001.txt

Change Mirror Download
========================================================================
phpAdsNew / phpPgAds security advisory PHPADSNEW-SA-2006-001
------------------------------------------------------------------------
Advisory ID: PHPADSNEW-SA-2006-001
Date: 2006-Mar-27
Security risk: medium risk
Applications affetced: phpAdsNew, phpPgAds
Versions affected: <= 2.0.7
Versions not affected: >= 2.0.8
========================================================================


========================================================================
Vulnerability 1: HTML injection / Cross-site scripting
========================================================================

Description
-----------
Some scripts inside the admin interface were displaying parameters
collected by the delivery scripts without proper sanitizing or escaping.
The delivery scripts have public access, while the admin interface is
restricted to logged in users. An attacker could inject HTML/XSS code
which could be displayed/executed in a later time inside the admin
interface.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.8.


========================================================================
Vulnerability 2: HTML injection / Cross-site scripting
========================================================================

Description
-----------
The login form was sending back to the browser the unmodified query
string, making possible for an attacker to inject HTML/XSS code by using
a specifically crafted URL.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.8.


Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>


Best regards
--
Matteo Beccati
http://phpadsnew.com
http://phppgads.com
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close