exploit the possibilities

Ad Muncher 4.81 Cross Site Scripting

Ad Muncher 4.81 Cross Site Scripting
Posted Dec 29, 2010
Authored by MustLive

Ad Muncher versions 4.81 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0fa1d8513b69bc1fc286ae4ef31437ee0f3760917a95bc68f2da8de87aa0bf1b

Ad Muncher 4.81 Cross Site Scripting

Change Mirror Download
Hello Full-Disclosure!

I want to warn you about Cross-Site Scripting vulnerability in Ad Muncher.

In May I already wrote about universal XSS in Ad Muncher
(http://websecurity.com.ua/4202/), which allowed to conduct XSS attacks on
any sites in any browsers. Which existed in versions before Ad Muncher 4.71.
I didn't post about it to the list, because of my conversation with Vladimir
Dubrovin aka 3APA3A, who told me that it was not interesting for him in
particular (because it was already fixed hole).

This vulnerability allows to bypass protection filters of the program and
renew universal XSS in Ad Muncher. Details of previous universal XSS
vulnerability in Ad Muncher (about all nuances of its work), which is
similar to new one (both of them can be used for reflected XSS and Saved XSS
attacks), was described in above-mentioned post and in short was described
(on English) in article Local XSS (http://websecurity.com.ua/4219/).

-------------------------
Affected products:
-------------------------

Vulnerable are Ad Muncher 4.81 and previous versions.

----------
Details:
----------

XSS (WASC-08):

By default in Ad Muncher 4.71 and next versions the showing of current URL
in body of current page (in helper script) is turned off and at that
previous hole is fixed. But by using other attack vectors it's still
possible to conduct XSS attack when ShowURLInHelper option is turned on.

It's universal XSS. Reflected XSS and Saved XSS attacks are possible with
using of this vulnerability.

The attack is possible in the next cases (in any browsers):

1. At pages with UTF-7.

http://site/utf-7.html?--+AD4-+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-

At request to the page the code will execute automatically.

The attack can be conducted at any sites which have UTF-7 pages, or allow to
upload web pages to them (and in such way it's possible to set UTF-7
codepage).

2. At pages with any codepage except UTF-7.

http://site/utf-8.html?--+AD4-+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-

At visiting of the page it's needed to force victim to change codepage to
UTF-7 and the code will execute automatically. This attack is similar to
strictly social XSS in Mozilla and Firefox, which I wrote about in my posts
Cross-Site Scripting in Mozilla and Firefox
(http://websecurity.com.ua/1413/) and Cross-Site Scripting with UTF-7 in
Mozilla and Firefox (http://websecurity.com.ua/3062/). It's possible in
browsers Mozilla 1.7.x and previous versions, Firefox 1, Firefox 2 and
Firefox 3.0 and Firefox 3.0.1 (and other browsers, which allow to set UTF-7
codepage).

------------
Timeline:
------------

2010.05.25 - announced at my site.
2010.05.25 - informed developers.
2010.11.10 - Ad Muncher 4.9 was released, in which this hole was fixed.
2010.12.28 - disclosed at my site.

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/4231/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


Login or Register to add favorites

File Archive:

May 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    0 Files
  • 2
    May 2nd
    15 Files
  • 3
    May 3rd
    19 Files
  • 4
    May 4th
    24 Files
  • 5
    May 5th
    15 Files
  • 6
    May 6th
    14 Files
  • 7
    May 7th
    0 Files
  • 8
    May 8th
    0 Files
  • 9
    May 9th
    13 Files
  • 10
    May 10th
    7 Files
  • 11
    May 11th
    99 Files
  • 12
    May 12th
    45 Files
  • 13
    May 13th
    7 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    26 Files
  • 18
    May 18th
    4 Files
  • 19
    May 19th
    17 Files
  • 20
    May 20th
    2 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    6 Files
  • 24
    May 24th
    19 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close