what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ad Muncher 4.81 Cross Site Scripting

Ad Muncher 4.81 Cross Site Scripting
Posted Dec 29, 2010
Authored by MustLive

Ad Muncher versions 4.81 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0fa1d8513b69bc1fc286ae4ef31437ee0f3760917a95bc68f2da8de87aa0bf1b

Ad Muncher 4.81 Cross Site Scripting

Change Mirror Download
Hello Full-Disclosure!

I want to warn you about Cross-Site Scripting vulnerability in Ad Muncher.

In May I already wrote about universal XSS in Ad Muncher
(http://websecurity.com.ua/4202/), which allowed to conduct XSS attacks on
any sites in any browsers. Which existed in versions before Ad Muncher 4.71.
I didn't post about it to the list, because of my conversation with Vladimir
Dubrovin aka 3APA3A, who told me that it was not interesting for him in
particular (because it was already fixed hole).

This vulnerability allows to bypass protection filters of the program and
renew universal XSS in Ad Muncher. Details of previous universal XSS
vulnerability in Ad Muncher (about all nuances of its work), which is
similar to new one (both of them can be used for reflected XSS and Saved XSS
attacks), was described in above-mentioned post and in short was described
(on English) in article Local XSS (http://websecurity.com.ua/4219/).

Affected products:

Vulnerable are Ad Muncher 4.81 and previous versions.


XSS (WASC-08):

By default in Ad Muncher 4.71 and next versions the showing of current URL
in body of current page (in helper script) is turned off and at that
previous hole is fixed. But by using other attack vectors it's still
possible to conduct XSS attack when ShowURLInHelper option is turned on.

It's universal XSS. Reflected XSS and Saved XSS attacks are possible with
using of this vulnerability.

The attack is possible in the next cases (in any browsers):

1. At pages with UTF-7.


At request to the page the code will execute automatically.

The attack can be conducted at any sites which have UTF-7 pages, or allow to
upload web pages to them (and in such way it's possible to set UTF-7

2. At pages with any codepage except UTF-7.


At visiting of the page it's needed to force victim to change codepage to
UTF-7 and the code will execute automatically. This attack is similar to
strictly social XSS in Mozilla and Firefox, which I wrote about in my posts
Cross-Site Scripting in Mozilla and Firefox
(http://websecurity.com.ua/1413/) and Cross-Site Scripting with UTF-7 in
Mozilla and Firefox (http://websecurity.com.ua/3062/). It's possible in
browsers Mozilla 1.7.x and previous versions, Firefox 1, Firefox 2 and
Firefox 3.0 and Firefox 3.0.1 (and other browsers, which allow to set UTF-7


2010.05.25 - announced at my site.
2010.05.25 - informed developers.
2010.11.10 - Ad Muncher 4.9 was released, in which this hole was fixed.
2010.12.28 - disclosed at my site.

I mentioned about this vulnerability at my site

Best wishes & regards,
Administrator of Websecurity web site

Login or Register to add favorites

File Archive:

June 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    18 Files
  • 2
    Jun 2nd
    13 Files
  • 3
    Jun 3rd
    0 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    32 Files
  • 6
    Jun 6th
    39 Files
  • 7
    Jun 7th
    22 Files
  • 8
    Jun 8th
    17 Files
  • 9
    Jun 9th
    20 Files
  • 10
    Jun 10th
    0 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By