Joomla SocialAds Component com socialads Persistent XSS Vulnerability

EliteHackers
SALUT 2022!! NE-AM MUTAT PE DISCORD ! Vrei să inviți un prieten? [T]eoria [H]aosului [C]ontrolat - https://discord.com/invite/U4HBCHzm7r Acesta aste link-ul oficial al acestui server.

Lista Forumurilor Pe Tematici

EliteHackers | Reguli | Inregistrare | Login

POZE ELITEHACKERS

Nu sunteti logat.

Nou pe simpatie:
iulia2006

Femeie
24 ani
Bucuresti
cauta Barbat
25 - 49 ani

EliteHackers / Exploituri / Joomla SocialAds Component com_socialads Persistent XSS Vulnerability

Moderat de Ad_Infinitum, AntiKiler, Puscas_marin, r3v

Autor

Mesaj

Pagini: 1

r3v
Moderator

Inregistrat: acum 16 ani
Postari: 1158

Code:

1               ##########################################             1 
0               I'm Sid3^effects member from Inj3ct0r Team             1 
1               ##########################################             0 
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 
  
Name :    Joomla com_socialads Persistent Xss Vulnerability 
Date : july 3,2010 
Critical Level  : HIGH 
vendor URL :http://techjoomla.com/ 
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> 
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ 
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz  
####################################################################################################### 
Description: 
With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away ! 
  
####################################################################################################### 
Xploit : Persistent Xss Vulnerability 
  
Step 1: Register :D 
  
Step 2: Goto to the option called "MANAGE YOUR ADS" 
  
Step 3: In the ads description the attacker can post xss scripts  
  
DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94 
  
Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> 
  
Steap 4: Now  check your ads :P 
  
DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23 
############################################################################################################### 
# 0day no more  
# Sid3^effects

_______________________________________
http://thieves-team.com
r3vyk.info
mess id: doar prin PM datorita faptului ca mi-au dat add 10000 de retardati care joaca metin

pus acum 15 ani

Pagini: 1

Mergi la