扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
1 ########################################## 1 0 I'm Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Name :Joomla com_socialads Persistent Xss Vulnerability Date : july 3,2010 Critical Level : HIGH vendor URL :http://techjoomla.com/ Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_ greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz ####################################################################################################### Description: With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away ! ####################################################################################################### Xploit : Persistent Xss Vulnerability Step 1: Register :D Step 2: Goto to the option called "MANAGE YOUR ADS" Step 3: In the ads description the attacker can post xss scripts DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94 Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee> Steap 4: Nowcheck your ads :P DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23 ############################################################################################################### # 0day no more # Sid3^effects |
体验盒子
