exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ad Muncher 4.81 Cross Site Scripting

Ad Muncher 4.81 Cross Site Scripting
Posted Dec 29, 2010
Authored by MustLive

Ad Muncher versions 4.81 and below suffer from cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 0fa1d8513b69bc1fc286ae4ef31437ee0f3760917a95bc68f2da8de87aa0bf1b

Ad Muncher 4.81 Cross Site Scripting

Change Mirror Download
Hello Full-Disclosure!

I want to warn you about Cross-Site Scripting vulnerability in Ad Muncher.

In May I already wrote about universal XSS in Ad Muncher
(http://websecurity.com.ua/4202/), which allowed to conduct XSS attacks on
any sites in any browsers. Which existed in versions before Ad Muncher 4.71.
I didn't post about it to the list, because of my conversation with Vladimir
Dubrovin aka 3APA3A, who told me that it was not interesting for him in
particular (because it was already fixed hole).

This vulnerability allows to bypass protection filters of the program and
renew universal XSS in Ad Muncher. Details of previous universal XSS
vulnerability in Ad Muncher (about all nuances of its work), which is
similar to new one (both of them can be used for reflected XSS and Saved XSS
attacks), was described in above-mentioned post and in short was described
(on English) in article Local XSS (http://websecurity.com.ua/4219/).

-------------------------
Affected products:
-------------------------

Vulnerable are Ad Muncher 4.81 and previous versions.

----------
Details:
----------

XSS (WASC-08):

By default in Ad Muncher 4.71 and next versions the showing of current URL
in body of current page (in helper script) is turned off and at that
previous hole is fixed. But by using other attack vectors it's still
possible to conduct XSS attack when ShowURLInHelper option is turned on.

It's universal XSS. Reflected XSS and Saved XSS attacks are possible with
using of this vulnerability.

The attack is possible in the next cases (in any browsers):

1. At pages with UTF-7.

http://site/utf-7.html?--+AD4-+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-

At request to the page the code will execute automatically.

The attack can be conducted at any sites which have UTF-7 pages, or allow to
upload web pages to them (and in such way it's possible to set UTF-7
codepage).

2. At pages with any codepage except UTF-7.

http://site/utf-8.html?--+AD4-+ADw-script+AD4-alert(document.cookie)+ADw-/script+AD4-

At visiting of the page it's needed to force victim to change codepage to
UTF-7 and the code will execute automatically. This attack is similar to
strictly social XSS in Mozilla and Firefox, which I wrote about in my posts
Cross-Site Scripting in Mozilla and Firefox
(http://websecurity.com.ua/1413/) and Cross-Site Scripting with UTF-7 in
Mozilla and Firefox (http://websecurity.com.ua/3062/). It's possible in
browsers Mozilla 1.7.x and previous versions, Firefox 1, Firefox 2 and
Firefox 3.0 and Firefox 3.0.1 (and other browsers, which allow to set UTF-7
codepage).

------------
Timeline:
------------

2010.05.25 - announced at my site.
2010.05.25 - informed developers.
2010.11.10 - Ad Muncher 4.9 was released, in which this hole was fixed.
2010.12.28 - disclosed at my site.

I mentioned about this vulnerability at my site
(http://websecurity.com.ua/4231/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua


Login or Register to add favorites

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    0 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    0 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    0 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close