Joomla com_socialads Persistent Xss Vulnerability

vendor:

SocialAds for JomSocial

by:

Sid3^effects aKa HaRi

8,8

CVSS

HIGH

Persistent XSS

CWE

Product Name: SocialAds for JomSocial

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Joomla com_socialads Persistent Xss Vulnerability

With SocialAds for JomSocial, an attacker can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement, Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away. An attacker can post XSS scripts in the ads description, which can be accessed by visiting the URL http://server/js/index.php?option=com_socialads&view=showad&Itemid=94 and http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23.

Mitigation:

Input validation should be used to prevent XSS attacks. Sanitize user input and output to prevent malicious code from being executed.

Source

Exploit-DB raw data:

1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name :    Joomla com_socialads Persistent Xss Vulnerability
Date : july 3,2010
Critical Level 	: HIGH
vendor URL :http://techjoomla.com/
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,MA1201,KeDar,Sonic,gunslinger_
greetz to :www.topsecure.net ,All ICW members and my friends :) luv y0 guyz 
#######################################################################################################
Description:
With SocialAds for JomSocial, you can create Facebook like demographically targeted ads to show on Your JomSocial Site. This extension allows advertisers to create their advertisement , Target the users they want to show the advertisement to, Decide if they want to pay by impressions or per click, Pay online & get the advertisement started up right away !

#######################################################################################################
Xploit : Persistent Xss Vulnerability

Step 1: Register :D

Step 2: Goto to the option called "MANAGE YOUR ADS"

Step 3: In the ads description the attacker can post xss scripts 

DEMO URL :http://server/js/index.php?option=com_socialads&view=showad&Itemid=94

Attack Pattern :">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>

Steap 4: Now  check your ads :P

DEMO URL :http://server/js/index.php?option=com_socialads&view=adsummary&Itemid=94&adid=23
###############################################################################################################
# 0day no more 
# Sid3^effects